Security researchers at Google have identified a vulnerability (CVE-2025-38236) in the Linux kernel that allows privilege escalation. Among other things, the vulnerability makes it possible to bypass the sandbox isolation used in Google Chrome and gain kernel-level code execution from code running in the context of an isolated Chrome renderer process (for example, after exploiting another vulnerability in Chrome). The problem is reported to appear starting with Linux kernel 6.9; the fix was included in the kernel updates 6.1.143, 6.6.96, 6.12.36 and 6.15.5. A prototype exploit is available for download.
The vulnerability is caused by an error in the implementation of the MSG_OOB flag, which can be set on AF_UNIX sockets. The MSG_OOB ("out-of-band") flag allows one extra byte to be attached to the data being sent, which the receiver can read ahead of the rest of the queued data. Support for this flag on AF_UNIX sockets was added in Linux kernel 5.15 at Oracle's request, and its removal was proposed last year because it was rarely used.
The Chrome sandbox allowed renderer processes to use UNIX sockets and the send()/recv() system calls; the MSG_OOB flag was permitted along with the other flags and was not filtered separately. An error in the MSG_OOB implementation made it possible to trigger a use-after-free condition with the following sequence of system calls:

    char dummy;
    int socks[2];
    socketpair(AF_UNIX, SOCK_STREAM, 0, socks);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, MSG_OOB);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, MSG_OOB);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, 0);
    recv(socks[0], &dummy, 1, MSG_OOB);
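As an added example (not code from the article, from the kernel, or from Chrome's own sandbox), the program below shows the kind of per-flag check the text says the Chrome sandbox lacked: a seccomp-BPF filter that keeps send()/recv() available to the sandboxed process but refuses, with EPERM, any socket send/receive syscall whose flags argument has MSG_OOB set. It assumes an x86-64 or aarch64 Linux build with glibc, where send() and recv() are issued as the sendto and recvfrom syscalls and the int flags argument sits in the low 32 bits of seccomp_data.args[]; all demo_* names are the example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Assumption: 64-bit little-endian x86-64 or aarch64, so the low word of
 * seccomp_data.args[i] holds the int flags argument. */
#if defined(__x86_64__)
#define DEMO_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define DEMO_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

#define SC_ARCH   offsetof(struct seccomp_data, arch)
#define SC_NR     offsetof(struct seccomp_data, nr)
#define SC_ARG(i) offsetof(struct seccomp_data, args[i])

/* Installs a filter that allows every syscall except that the socket
 * send/receive calls are refused with EPERM when MSG_OOB is in their flags.
 * flags is args[3] for sendto/recvfrom/sendmmsg/recvmmsg, args[2] for
 * sendmsg/recvmsg. Jump targets are relative to the next instruction. */
static int demo_install_filter(void)
{
    struct sock_filter filter[] = {
        /* 0 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_ARCH),
        /* 1 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_ARCH, 1, 0),
        /* 2 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* 3 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_NR),
        /* 4 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_sendto,   6, 0), /* -> 11 */
        /* 5 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_recvfrom, 5, 0), /* -> 11 */
        /* 6 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_sendmmsg, 4, 0), /* -> 11 */
        /* 7 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_recvmmsg, 3, 0), /* -> 11 */
        /* 8 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_sendmsg,  5, 0), /* -> 14 */
        /* 9 */ BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_recvmsg,  4, 0), /* -> 14 */
        /* 10 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        /* 11 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_ARG(3)),
        /* 12 */ BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, MSG_OOB, 4, 0),    /* -> 17 */
        /* 13 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        /* 14 */ BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_ARG(2)),
        /* 15 */ BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, MSG_OOB, 1, 0),    /* -> 17 */
        /* 16 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        /* 17 */ BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
    };
    struct sock_fprog prog = {
        .len = sizeof(filter) / sizeof(filter[0]),
        .filter = filter,
    };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Runs in a forked child: installs the filter, then tries a send() with
 * MSG_OOB and a plain send() on a socketpair. Exit status:
 *   0  MSG_OOB send refused with EPERM and plain send delivered one byte
 *   1  filter installed but the calls did not behave as expected
 *   2  socketpair() failed
 *   3  the filter could not be installed in this environment */
static void demo_child(void)
{
    int socks[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, socks) != 0)
        _exit(2);
    if (demo_install_filter() != 0)
        _exit(3);
    /* glibc issues this as sendto(fd, buf, 1, MSG_OOB, NULL, 0): args[3] = MSG_OOB */
    ssize_t oob = send(socks[1], "A", 1, MSG_OOB);
    int oob_refused = (oob == -1 && errno == EPERM);
    ssize_t plain = send(socks[1], "B", 1, 0);
    _exit((oob_refused && plain == 1) ? 0 : 1);
}

/* Forks, runs demo_child() and returns its exit status, or -1 if the child
 * was killed (e.g. by SECCOMP_RET_KILL_PROCESS on an unexpected arch). */
int demo_msg_oob_is_filtered(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        demo_child();
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int r = demo_msg_oob_is_filtered();
    printf("result %d (0 = MSG_OOB refused, plain send allowed)\n", r);
    return r == 0 ? 0 : 1;
}
```

The filter only removes the one flag the article names; a real sandbox policy should be deny-by-default and would also cover the other syscalls and flags a renderer does not need. A check like this keeps an attacker who already runs code in the renderer away from the broken kernel code path, but it is a mitigation in the sandbox, not a replacement for updating the kernel.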
Source: opennet.ru
