Ukuba sengozini (CVE-2022-2590) kukhonjwe ku-Linux kernel, evumela umsebenzisi ongenalungelo ukuthi aguqule amafayela afakwe kumephu yenkumbulo (i-mmap) namafayela kuma-tmpfs ngaphandle kokuba namalungelo okubhala kuwo, futhi aphakamise amalungelo abo ohlelweni. . Inkinga ekhonjiwe iyafana ngohlobo nokuba sengozini kwe-Dirty COW, kodwa iyahluka ngokuthi ikhawulelwe kuphela kumthelela kudatha kumemori eyabiwe (shmem / tmpfs). Inkinga ingasetshenziswa futhi ukulungisa amafayela asebenzisekayo asebenzisa inkumbulo eyabiwe.
Inkinga ibangelwa isimo somjaho kusistimu engaphansi yokuphatha inkumbulo eyenzeka lapho kusingathwa okuhlukile (iphutha) lapho izama ukubhala ukufinyelela ezindaweni zokufunda kuphela kumemori eyabiwe eboniswa kumodi ye-COW (ikhophi-on-rite mapping). Inkinga ibonakala iqala ku-kernel 5.16 kumasistimu ane-x86-64 kanye ne-aarch64 architecture lapho kwakhiwa i-kernel ngenketho ye-CONFIG_USERFAULTFD=y. Ukuba sengozini kwalungiswa ekukhishweni kuka-5.19. Isibonelo sokuxhashazwa kuhlelwe ukuthi sishicilelwe ngo-Agasti 15.
Source: opennet.ru