Vulnerabilities in the eBPF subsystem allowing code execution at the Linux kernel level

Two new vulnerabilities have been identified in the eBPF subsystem, which allows handlers to be run inside the Linux kernel in a special JIT-enabled virtual machine. Both vulnerabilities make it possible to execute arbitrary code with kernel privileges, outside the isolated eBPF virtual machine. Information about the problems was published by the Zero Day Initiative team, which runs the Pwn2Own competition, where this year three attacks on Ubuntu Linux were demonstrated that used previously unknown vulnerabilities (whether the eBPF vulnerabilities are related to those attacks is not reported).

  • CVE-2021-3490 - The vulnerability is caused by a missing out-of-bounds check for 32-bit values when performing bitwise AND, OR and XOR operations in eBPF ALU32. An attacker can use this bug to read and write data outside the bounds of an allocated buffer. The problem with the XOR operation is present since kernel version 5.7-rc1, and with AND and OR since 5.10-rc1.
  • CVE-2021-3489 - The vulnerability is caused by an error in the ring buffer implementation: the bpf_ringbuf_reserve function did not check whether the size of the allocated memory area could be less than the actual size of the ringbuf. The problem is present since release 5.8-rc1.

The status of fixes in distributions can be tracked on these pages: Ubuntu, Debian, RHEL, Fedora, SUSE, Arch. Fixes are also available as patches (CVE-2021-3489, CVE-2021-3490). Whether the problem can be exploited depends on whether the eBPF system call is accessible to the user. For example, in the default configuration on RHEL, exploiting the vulnerability requires the user to have CAP_SYS_ADMIN privileges.
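As an added example, not part of the original article, the POSIX shell helper below combines two facts from the text: the eBPF bugs can only exist on kernels at or after the releases that introduced them (5.7-rc1, 5.8-rc1, 5.10-rc1), and they matter to an unprivileged user only if the bpf() system call is reachable. Reachability is read from the kernel.unprivileged_bpf_disabled sysctl, which is a real kernel interface (0 allows unprivileged bpf(), 1 disables it until reboot, 2 disables it but can be set back to 0). The function names and the labels they print are my own, and the version check only reports that a bug was introduced before the running kernel, not that the kernel is unpatched, because the article gives no fixed versions; the distribution trackers above answer that question.

```shell
#!/bin/sh
# Added example (not the article's code): a quick host check for exposure to
# the eBPF bugs discussed above. Helper names and labels are assumptions.

# Map the kernel.unprivileged_bpf_disabled sysctl value to a label.
# 0 = unprivileged bpf() allowed, 1 = disabled until reboot,
# 2 = disabled but can be re-enabled by writing 0.
bpf_exposure() {
    case "$1" in
        0) echo "unprivileged-bpf-allowed" ;;
        1) echo "unprivileged-bpf-disabled-locked" ;;
        2) echo "unprivileged-bpf-disabled" ;;
        *) echo "unknown" ;;
    esac
}

# True (exit 0) if "major.minor[...]" version $1 is at least version $2.
# Anything after the minor number (e.g. "-rc1", ".0-generic") is ignored.
version_ge() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%[!0-9]*}
    b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%[!0-9]*}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -lt "$b_major" ] && return 1
    [ "$a_minor" -ge "$b_minor" ]
}

# List the eBPF issues from the article whose introducing release is <= $1.
# "introduced" is not "vulnerable": the fix status comes from the distro.
introduced_cves() {
    out=""
    version_ge "$1" 5.7  && out="$out CVE-2021-3490(xor)"
    version_ge "$1" 5.10 && out="$out CVE-2021-3490(and/or)"
    version_ge "$1" 5.8  && out="$out CVE-2021-3489(ringbuf)"
    echo "${out# }"
}

# One-line report. Both inputs default to the live host but can be
# overridden (kernel version string, path of the sysctl file).
report() {
    kver=${1:-$(uname -r)}
    sysctl_file=${2:-/proc/sys/kernel/unprivileged_bpf_disabled}
    if [ -r "$sysctl_file" ]; then
        setting=$(cat "$sysctl_file")
    else
        setting="missing"
    fi
    echo "kernel=$kver exposure=$(bpf_exposure "$setting") introduced=[$(introduced_cves "$kver")]"
}

# Run the live report only when invoked as: sh bpf_check.sh --report
case "${1:-}" in
    --report) shift; report "$@" ;;
esac
```

On a host where the sysctl reads 0 and the kernel is 5.10 or newer, the report shows all three entries alongside "unprivileged-bpf-allowed", which is the combination the article's exploitability remark is about; on RHEL's default configuration the same kernel reports a disabled value, so only users holding CAP_SYS_ADMIN can reach the affected code.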

Separately, another vulnerability in the Linux kernel can be noted - CVE-2021-32606, which allows a local user to raise their privileges to root level. The problem is present since Linux kernel 5.11 and is caused by a race condition in the implementation of the CAN ISOTP protocol, which makes it possible to change the socket binding parameters because the isotp_setsockopt() function does not take the proper locks when processing the CAN_ISOTP_SF_BROADCAST flag.

After the ISOTP socket is closed, the binding on the receiver side remains active and can continue to use the structures associated with the socket after the memory backing them has been freed (a use-after-free caused by accessing the already freed isotp_sock structure when isotp_rcv() is called). By manipulating data, the pointer to the sk_error_report() function can be redirected and arbitrary code executed at the kernel level.

Source: opennet.ru
