Ukuba sengozini (CVE-5.1-2022) kukhonjwe ekusetshenzisweni kwesixhumi esibonakalayo se-io_uring asynchronous input/output, okufakwe ku-Linux kernel kusukela ekukhululweni okungu-2602, okuvumela umsebenzisi ongenalo ilungelo ukuthi athole amalungelo ezimpande ohlelweni. Inkinga iqinisekisiwe egatsheni 5.4 kanye nezinhlamvu kusukela egatsheni 5.15.
Ukuba sengozini kubangelwa ibhulokhi yememori yokusebenzisa ngemva kwamahhala ohlelweni olungaphansi lwe-io_uring, okwenzeka ngenxa yesimo somjaho lapho kucutshungulwa isicelo se-io_uring efayeleni eliqondiwe ngesikhathi sokuqoqwa kukadoti kumasokhethi e-Unix, uma umqoqi kadoti ekhulula bonke ababhalisiwe. izichazi zefayela kanye nesichazi sefayela io_uring esebenza ngaso. Ukuze udale izimo ngokwenziwa ukuze ubungozi buzibonakalise, ungalibazisa isicelo usebenzisa i-userfaultfd kuze kube yilapho umqoqi kadoti ekhipha inkumbulo.
Abacwaningi abahlonze inkinga bamemezele ukudalwa kokusebenza okusebenzayo, abahlose ukukushicilela ngo-Okthoba 25 ukuze banikeze abasebenzisi isikhathi sokufaka izibuyekezo. Ukulungiswa kuyatholakala njengamanje njengepheshi. Izibuyekezo zokusabalalisa azikakhishwa, kodwa ungakwazi ukulandelela ukutholakala kwazo emakhasini alandelayo: Debian, Ubuntu, Gentoo, RHEL, Fedora, SUSE/openSUSE, Arch.
Source: opennet.ru