Two new vulnerabilities have been identified in the eBPF subsystem, which allows handlers to run inside the Linux kernel in a special JIT-enabled virtual machine. Both issues allow code execution with kernel privileges, outside the isolated eBPF virtual machine. Information about the problems was published by the Zero Day Initiative team, which runs the Pwn2Own competition; three attacks on Ubuntu Linux using previously unknown vulnerabilities were demonstrated at this year's event (it is not reported whether the eBPF vulnerabilities are related to those attacks).
- CVE-2021-3490 is caused by missing bounds checking of 32-bit values when performing bitwise AND, OR and XOR operations in eBPF ALU32. An attacker can use this flaw to read and write data outside the bounds of the allocated buffer. The issue with the XOR operation has been present since kernel version 5.7-rc1, and with the AND and OR operations since release 5.10-rc1.
- CVE-2021-3489 is caused by an error in the ring buffer implementation: the bpf_ringbuf_reserve function did not check whether the size of the allocated memory region could be smaller than the actual size of the ring buffer. The issue has been present since release 5.8-rc1.
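As an added illustration of the 32-bit bound-tracking problem behind CVE-2021-3490 (this is not code from the original article or from the kernel), the following is a simplified Python model of how the eBPF verifier tracks register values as "tnums" (value/mask pairs) with unsigned bounds. It assumes a reduced model with only unsigned 64-bit bounds and shows a 64-bit AND on a register whose lower 32 bits are known but whose upper 32 bits are not: the buggy path marks the whole register as a known constant, so the verifier's upper bound no longer covers values the register can really hold, while the corrected path keeps the upper bits unknown.

```python
# Simplified model of the eBPF verifier's value tracking: a "tnum" (value/mask)
# plus unsigned 64-bit bounds.  Constructed for illustration; not kernel code.
MASK64 = (1 << 64) - 1
MASK32 = (1 << 32) - 1


class Tnum:
    """Tracked number: bits set in `mask` are unknown, `value` holds the known bits."""
    def __init__(self, value, mask=0):
        self.mask = mask & MASK64
        self.value = value & MASK64 & ~self.mask

    def subreg_is_const(self):          # lower 32 bits fully known?
        return (self.mask & MASK32) == 0

    def __and__(self, other):           # same algebra as the kernel's tnum_and()
        alpha = self.value | self.mask
        beta = other.value | other.mask
        v = self.value & other.value
        return Tnum(v, alpha & beta & ~v)


class Reg:
    """Scalar register state: tnum plus unsigned 64-bit min/max bounds."""
    def __init__(self, var_off, umin, umax):
        self.var_off, self.umin, self.umax = var_off, umin, umax

    def mark_known(self, value):        # whole register declared a constant
        self.var_off, self.umin, self.umax = Tnum(value), value, value


def alu64_and(dst, src, fixed):
    """Model of bound tracking for a 64-bit BPF_AND (hypothetical, simplified)."""
    dst.var_off = dst.var_off & src.var_off
    # Buggy 32-bit path: both *subregs* known, so the register is marked fully
    # known, silently treating the unknown upper 32 bits as zero.
    if not fixed and dst.var_off.subreg_is_const() and src.var_off.subreg_is_const():
        dst.mark_known(dst.var_off.value)
        return dst
    # 64-bit path: bounds derived from the full 64-bit tnum
    dst.umin = dst.var_off.value
    dst.umax = min(dst.umax, src.umax)
    return dst


def tracked_umax(fixed):
    # Constructed input: low 32 bits known (== 1), upper 32 bits unknown.
    dst = Reg(Tnum(1, 0xFFFFFFFF00000000), umin=1, umax=0xFFFFFFFF00000001)
    src = Reg(Tnum(MASK64), umin=MASK64, umax=MASK64)   # known constant: all ones
    return alu64_and(dst, src, fixed).umax


if __name__ == "__main__":
    real = 0x500000001   # a value the register may actually hold at run time
    print(hex(tracked_umax(False)), hex(tracked_umax(True)), real > tracked_umax(False))
```

The buggy model reports an upper bound of 1 while the register may really hold 0x500000001; the corrected model keeps the bound at 0xFFFFFFFF00000001, which is why the kernel fix leaves the 32-bit path alone when both subregs are constant and lets the 64-bit tracking set the bounds.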
The status of fixes for these vulnerabilities in distributions can be tracked on the following pages: Ubuntu, Debian, RHEL, Fedora, SUSE, Arch. Fixes are also available as patches (CVE-2021-3489, CVE-2021-3490). Exploitation depends on the user having access to the eBPF system call. For example, in the default configuration on RHEL, exploiting the vulnerabilities requires the user to have CAP_SYS_ADMIN privileges.
Separately, another vulnerability in the Linux kernel should be noted: CVE-2021-32606, which allows a local user to escalate their privileges to root. The issue has been present since Linux kernel 5.11 and is caused by a race condition in the implementation of the CAN ISOTP protocol, which allows socket binding parameters to be changed because of missing locking in the isotp_setsockopt() function when the CAN_ISOTP_SF_BROADCAST flag is processed.
After an ISOTP socket is closed, the receiver's socket binding remains active, and the receiver can continue to use socket-related structures after the associated memory has been freed (a use-after-free, because the isotp_sock structure is accessed when isotp_rcv() is called). By manipulating the data, it is possible to overwrite the sk_error_report() function pointer and execute arbitrary code at the kernel level.
Source: opennet.ru
