Ukuba sengozini okubalulekile kukhonjwe kumojuli ye-ksmbd, ehlanganisa ukuqaliswa kweseva yefayela ngokusekelwe kuphrothokholi ye-SMB eyakhelwe ku-Linux kernel, evumela ukukhishwa kwekhodi okukude ngamalungelo e-kernel. Ukuhlasela kungenziwa ngaphandle kokuqinisekisa, kwanele ukuthi imodyuli ye-ksmbd icushwe ohlelweni. Inkinga ibikhona kusukela ku-kernel 5.15, ekhishwe ngoNovemba 2021, futhi yalungiswa buthule kuzibuyekezo 5.15.61, 5.18.18, kanye 5.19.2, ezakhiwe ngo-Agasti 2022. Njengoba inkinga ingakanikezwa isihlonzi se-CVE, alukho ulwazi oluqondile mayelana nokulungisa inkinga ekusabalaliseni okwamanje.
Imininingwane mayelana nokuxhashazwa kokuba sengozini ayikadalulwa, kwaziwa kuphela ukuthi ukuba sengozini kubangelwa ukufinyelela endaweni yenkumbulo esivele ikhululiwe (Sebenzisa-Ngemva Kokukhululeka) ngenxa yokuntuleka kokuhlola ubukhona bento ngaphambi kokwenza imisebenzi. ngayo. Inkinga ihlobene neqiniso lokuthi kumsebenzi smb2_tree_disconnect() umsebenzi, inkumbulo eyabelwe ukwakheka kwe-ksmbd_tree_connect yakhululwa, kodwa ngemva kwalokho kwakusenesikhombi esisetshenziswa lapho kucutshungulwa izicelo ezithile zangaphandle eziqukethe imiyalo ye-SMB2_TREE_DISCONNECT.
Ngokungeziwe ekubeni sengozini okukhulunywe ngakho ku-ksmbd, izinkinga ezi-4 ezingenabungozi kangako nazo ziyalungiswa:
- I-ZDI-22-1688 - ukukhishwa kwekhodi ekude namalungelo e-kernel ngenxa yokuntuleka kokuhlola usayizi wangempela wedatha yangaphandle kukhodi yokucubungula isibaluli sefayela ngaphambi kokuyikopisha kusigcinalwazi esabiwe. Ingozi yokuba sengozini incishiswa iqiniso lokuthi ukuhlasela kungenziwa kuphela umsebenzisi ogunyaziwe.
- I-ZDI-22-1691 - ukuvuza kolwazi olukude kumemori ye-kernel ngenxa yokuhlola okungalungile kwemingcele yokufaka kusiphathi somyalo we-SMB2_WRITE (ukuhlasela kungenziwa kuphela ngumsebenzisi oqinisekisiwe).
- I-ZDI-22-1687 - ukuphika okukude kwesevisi ngokukhathala kwememori etholakalayo ohlelweni ngenxa yokukhululwa okungalungile kwezinsiza kumphathi womyalo we-SMB2_NEGOTIATE (ukuhlasela kungenziwa ngaphandle kokuqinisekisa).
- I-ZDI-22-1689 - ucingo olukude lokuphahlaza i-kernel ngenxa yokuntuleka kokuhlolwa okufanele kwemingcele yomyalo we-SMB2_TREE_CONNECT, okuholela ekufundeni endaweni engaphandle kwe-buffer (ukuhlasela kungenziwa kuphela ngumsebenzisi ogunyaziwe. ).
Usekelo lokusebenzisa iseva ye-SMB kusetshenziswa imojuli ye-ksmbd lufakiwe kuphakheji ye-Samba kusukela ekukhululweni kuka-4.16.0. Ngokungafani neseva ye-SMB yendawo yomsebenzisi, i-ksmbd isebenza kahle kakhulu ngokuya ngokusebenza, ukusetshenziswa kwememori, nokuhlanganiswa nezici ezithuthukile ze-kernel. I-Ksmbd ithathwa njengesandiso esisebenza kahle kakhulu, esishumekiwe esilungele i-Samba, esihlanganisa namathuluzi e-Samba nemitapo yolwazi njengoba kudingeka. Ikhodi ye-ksmbd yabhalwa ngu-Namjae Jeon wakwa-Samsung kanye noHyunchul Lee wakwa-LG, futhi yagcinwa ku-kernel nguSteve French we-Microsoft, umnakekeli wezinhlelo ezingaphansi ze-CIFS/SMB2/SMB3 ku-Linux kernel kanye nelungu lesikhathi eside leqembu lokuthuthukisa i-Samba, obambe iqhaza elikhulu. ekusetshenzisweni kosekelo lwezivumelwano ze-SMB/CIFS ku-Samba ne-Linux.
Source: opennet.ru