Two vulnerabilities have been identified in the Linux kernel that resemble the Copy Fail vulnerability disclosed a few days ago, but affect different subsystems: xfrm-ESP and RxRPC. The vulnerability series has been codenamed Dirty Frag (also referred to as Copy Fail 2). The vulnerabilities allow an unprivileged user to gain root privileges by overwriting process data in the page cache. A working exploit exists for all current Linux distributions. The vulnerability was disclosed before patches were released, but a workaround is available.
Dirty Frag combines two distinct vulnerabilities: the first in the xfrm-ESP module, which is used to accelerate IPsec encryption operations using the ESP (Encapsulating Security Payload) protocol, and the second in the RxRPC driver, which implements the AF_RXRPC socket family and the RPC protocol of the same name, running over UDP. Each vulnerability, taken separately, allows root privileges to be obtained. The xfrm-ESP vulnerability has been present in the Linux kernel since January 2017, and the RxRPC vulnerability since June 2023. Both issues are caused by optimizations that allow direct writes into the page cache.
To exploit the xfrm-ESP vulnerability, the user must have the right to create namespaces, and to exploit the RxRPC vulnerability, it must be possible to load the rxrpc.ko kernel module. For example, on Ubuntu, AppArmor rules prevent unprivileged users from creating namespaces, but the rxrpc.ko module is loaded automatically. Some other distributions do not have the rxrpc.ko module, but do not block namespace creation. The researcher who found the problem built a combined exploit that can attack a system through both vulnerabilities, which makes the issue exploitable on all major distributions. The exploit has been confirmed to work on Ubuntu 24.04.4 with kernel 6.17.0-23, RHEL 10.1 with kernel 6.12.0-124.49.1, openSUSE Tumbleweed with kernel 7.0.2-1, CentOS Stream 10 with kernel 6.12.0-224, AlmaLinux 10 with kernel 6.12.0-124.52.3 and Fedora 44 with kernel 6.19.14-300.
As with the Copy Fail vulnerability, the problems in xfrm-ESP and RxRPC are caused by in-place decryption of data passed via the splice() function, which transfers data between file descriptors and pipes without copying, by passing references to items in the page cache. Write offsets were calculated without proper checks for the use of direct references to page-cache items, which allows specially crafted requests to overwrite 4 bytes at a given offset and change the contents of any file in the page cache.
All file read operations fetch content from the page cache first. If data in the page cache has been changed, file reads return the changed data rather than the original information stored on the drive. Exploitation comes down to modifying the page cache of an executable file that has the suid root flag. For example, to gain root privileges, one can read the executable /usr/bin/su so that it is placed in the page cache, and then insert one's own code into the contents of that file as loaded in the page cache. A subsequent launch of the "su" utility will result in the modified copy from the page cache being loaded into memory, not the original executable from the drive.
Disclosure of the vulnerability and the coordinated release of patches had been scheduled for May 12, but because of a leak, the vulnerability information had to be published before patches were released. At the end of April, patches for rxrpc, ipsec and xfrm were sent to the public netdev mailing list without mentioning that they were related to a vulnerability. On May 5, the IPsec subsystem maintainer accepted a change into the netdev Git repository with the proposed fix for the xfrm-esp module. The description of the change closely resembled the description of the issue that led to the Copy Fail vulnerability in the algif_aead module. A security researcher took an interest in this fix, managed to create a working exploit, and published it, unaware that an embargo on disclosing information about the issue was in place until May 12.
Updated Linux kernel packages with the fixes have not yet been published in distributions, but patches addressing the problems are available for xfrm-esp and rxrpc. CVE identifiers have not yet been assigned, which makes it difficult to track package updates in distributions. As a workaround, you can block loading of the esp4, esp6 and rxrpc kernel modules:

sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
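An added example, not part of the original article: a POSIX shell audit of the workaround above that reports, for esp4, esp6 and rxrpc, whether the module is currently loaded and whether an install rule blocks on-demand loading. The function names and the choice to scan one configuration directory per call (default /etc/modprobe.d) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the Dirty Frag workaround. Paths are parameters so the
# checks can run against constructed files as well as the live system.

# Return 0 if "install <mod> /bin/false" (or /bin/true) is set in conf_dir.
module_blocked() {
    mod=$1; conf_dir=$2
    [ -d "$conf_dir" ] || return 1
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        # Anchored at line start, so commented-out rules do not count.
        if grep -Eq "^[[:space:]]*install[[:space:]]+$mod[[:space:]]+/bin/(false|true)[[:space:]]*$" "$f"; then
            return 0
        fi
    done
    return 1
}

# Return 0 if the module is listed in a /proc/modules-format file.
module_loaded() {
    mod=$1; proc_modules=$2
    [ -r "$proc_modules" ] || return 1
    grep -q "^$mod " "$proc_modules"
}

# Print one status line per module; the return code is the number of
# modules that are still loaded or still loadable on demand.
audit_dirtyfrag() {
    conf_dir=${1:-/etc/modprobe.d}; proc_modules=${2:-/proc/modules}
    exposed=0
    for m in esp4 esp6 rxrpc; do
        if module_loaded "$m" "$proc_modules"; then
            echo "$m: LOADED (rmmod did not succeed, or it was loaded again)"
            exposed=$((exposed + 1))
        elif module_blocked "$m" "$conf_dir"; then
            echo "$m: blocked and not loaded"
        else
            echo "$m: not loaded, but no install rule blocks it"
            exposed=$((exposed + 1))
        fi
    done
    return "$exposed"
}

audit_dirtyfrag "$@" || echo "workaround incomplete"
```

Modules compiled into the kernel do not appear in /proc/modules and are not affected by modprobe install rules, so this check only covers loadable modules.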
Source: opennet.ru
