Vulnerability in the Linux Netfilter kernel subsystem

A vulnerability (CVE-2021-22555) has been identified in Netfilter, the Linux kernel subsystem used to filter and modify network packets. It allows a local user to obtain root privileges on the system, including from inside an isolated container. A working exploit prototype that bypasses the KASLR, SMAP and SMEP protection mechanisms has been prepared for testing. The researcher who discovered the vulnerability received a $20 reward from Google for identifying a way to bypass Kubernetes container isolation in the kCTF cluster.

The problem has existed since kernel 2.6.19, released 15 years ago, and is caused by a bug in the IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE handlers that leads to a buffer overflow when specially formatted parameters are passed through a setsockopt call in compat mode. Under normal conditions only the root user can reach compat_setsockopt(), but the privileges required for the attack can also be obtained by an unprivileged user on systems where user namespace support is enabled.

A user can create a container with its own separate root user and exploit the vulnerability from there. For example, user namespaces are enabled by default on Ubuntu and Fedora, but are disabled on Debian and RHEL. The patch fixing the vulnerability was accepted into the Linux kernel on April 13. Package updates have already been released by the Debian, Arch Linux and Fedora projects. For Ubuntu, RHEL and SUSE, updates are being prepared.
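An added check, written for this page and not code from the article or from the kernel: a POSIX shell script that reports whether the user-namespace precondition described above applies on a host. The sysctl names are the real upstream (user.max_user_namespaces) and Debian/Ubuntu (kernel.unprivileged_userns_clone) knobs; the exposure logic is an assumption of this example.

```shell
#!/bin/sh
# Added example, not part of the article or of any kernel project code.
# Checks the precondition the article names for unprivileged exploitation:
# being able to create a user namespace and so reach compat_setsockopt()
# as "root" inside it. Sysctl names are real: user.max_user_namespaces
# (upstream) and kernel.unprivileged_userns_clone (Debian/Ubuntu kernels).

# userns_exposure MAX_USER_NS UNPRIV_CLONE
#   Prints "exposed", "restricted" or "unknown". Pass "-" for a sysctl
#   that does not exist on this kernel.
userns_exposure() {
    max_ns="$1"; unpriv="$2"
    if [ "$max_ns" = "-" ] && [ "$unpriv" = "-" ]; then
        echo unknown; return 0   # no knob present: cannot decide from sysctls
    fi
    # Upstream knob: a limit of 0 forbids creating user namespaces at all.
    if [ "$max_ns" != "-" ] && [ "$max_ns" -eq 0 ] 2>/dev/null; then
        echo restricted; return 0
    fi
    # Debian/Ubuntu knob: 0 means only root may create user namespaces.
    if [ "$unpriv" != "-" ] && [ "$unpriv" -eq 0 ] 2>/dev/null; then
        echo restricted; return 0
    fi
    echo exposed
}

# read_sysctl PATH: prints the value, or "-" when the file is absent.
read_sysctl() {
    if [ -r "$1" ]; then cat "$1"; else echo -; fi
}

# xt_modules_loaded MODULES_TEXT: counts ip_tables/ip6_tables entries in the
# text of /proc/modules; these register the IPT_/IP6T_SO_SET_REPLACE handlers
# the article names. A count of 0 can also mean they are built in, so this
# is only a hint, not proof of absence.
xt_modules_loaded() {
    printf '%s\n' "$1" | awk '$1=="ip_tables"||$1=="ip6_tables"{n++} END{print n+0}'
}

main() {
    max_ns=$(read_sysctl /proc/sys/user/max_user_namespaces)
    unpriv=$(read_sysctl /proc/sys/kernel/unprivileged_userns_clone)
    echo "unprivileged user namespaces: $(userns_exposure "$max_ns" "$unpriv")"
    if [ -r /proc/modules ]; then
        echo "ip_tables/ip6_tables loaded: $(xt_modules_loaded "$(cat /proc/modules)")"
    fi
}

main
```

A "restricted" result only closes the unprivileged path the article describes; the setsockopt bug itself is fixed by updating the kernel.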

The problem lies in the xt_compat_target_from_user() function, which miscalculates the memory size when storing kernel structures after converting them from the 32-bit to the 64-bit representation. The bug allows four zero bytes to be written at any position beyond the allocated buffer, bounded by offset 0x4C. This primitive turned out to be enough to build an exploit that yields root privileges: by zeroing the m_list->next pointer in an msg_msg structure, conditions were created for accessing memory after it had been freed (use-after-free), which was then used to obtain address information and to modify other structures by manipulating the msgsnd() system call.

Source: opennet.ru
