Two denial-of-service vulnerabilities identified in the Linux kernel


Over the course of this week, fixes for several problems in the Linux kernel were released, but new ones were also reported: Wanpeng Li recently found two denial-of-service (DoS) vulnerabilities in the Linux kernel.

Both allow a local attacker to trigger a NULL pointer dereference and bring about a DoS condition.

The first vulnerability, CVE-2018-19406 in Common Vulnerabilities and Exposures, lies in the Linux kernel function kvm_pv_send_ipi, defined in the file arch/x86/kvm/lapic.c.

CVE-2018-19406 affects Linux kernel versions up to and including 4.19.2 and allows an attacker to use crafted system calls on unpatched systems to reach a DoS condition. The cause of the problem is that the kernel dereferences the Advanced Programmable Interrupt Controller (APIC) map of the virtual machine before that map has been initialized.

Wanpeng Li ya rubuta:

"The reason is that the apic map has not yet been initialized; the test case triggers the pv_send_ipi interface via vmcall, which results in kvm->arch.apic_map being dereferenced. This patch fixes it by checking whether or not the apic map is NULL and bailing out immediately if that is the case."

The second case found by Wanpeng Li is limited to scenarios in which the attacker already has local access to the host.

This issue was published as CVE-2018-19407 in the National Vulnerability Database and lies in the vcpu_scan_ioapic function in arch/x86/kvm/x86.c of the Linux kernel up to and including 4.19.2; it allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the ioapic is uninitialized.
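Both KVM bugs are the same shape: a per-VM structure that only exists after the guest has configured its interrupt controller is dereferenced on a path the guest can reach earlier. The model below is an added example, not KVM's code; it keeps only the parts of kvm_pv_send_ipi that matter, puts the unpatched shape next to the one with the NULL check the fix adds, and assumes a four-vcpu VM with APIC ids 0..3. The structure and function names, the per-index bounds check and the vcpu layout are assumptions of the model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Added model, not KVM's code: the pieces of kvm_pv_send_ipi() that matter
 * for the use-before-initialization bug. */
#define MAX_APIC_ID 255
#define BITS_PER_LONG ((int)(8 * sizeof(unsigned long)))
#define CLUSTER_SIZE 64 /* 64-bit guests: ipi_bitmap_high starts at min + 64 */

struct vcpu { unsigned apic_id; int pending_vector; };

/* Built when the guest programs its LAPICs; until then kvm->apic_map is NULL. */
struct kvm_apic_map {
    unsigned max_apic_id;
    struct vcpu *phys_map[MAX_APIC_ID + 1]; /* APIC id -> vcpu, NULL if absent */
};

struct kvm { struct kvm_apic_map *apic_map; };

/* Stand-in for kvm_apic_set_irq(): record the vector, report one delivery. */
static int set_irq(struct vcpu *v, int vector)
{
    if (!v)
        return 0;
    v->pending_vector = vector;
    return 1;
}

/* Deliver `vector` to every vcpu whose APIC id is base + (index of a set bit). */
static int send_bitmap(const struct kvm_apic_map *map, unsigned long bitmap,
                       unsigned base, int vector)
{
    int count = 0;
    for (int i = 0; i < BITS_PER_LONG; i++) {
        if (!(bitmap & (1UL << i)))
            continue;
        if (base + i > map->max_apic_id) /* the model's own bounds check */
            break;
        count += set_irq(map->phys_map[base + i], vector);
    }
    return count;
}

/* Unpatched shape: the map is dereferenced unconditionally, so a guest that
 * issues the PV IPI hypercall before the map exists crashes the host kernel. */
int pv_send_ipi_unpatched(struct kvm *kvm, unsigned long low, unsigned long high,
                          unsigned min, int vector)
{
    struct kvm_apic_map *map = kvm->apic_map;
    if (min > map->max_apic_id) /* NULL pointer dereference when map == NULL */
        return 0;
    return send_bitmap(map, low, min, vector) +
           send_bitmap(map, high, min + CLUSTER_SIZE, vector);
}

/* Patched shape (the check the fix adds): bail out with -EOPNOTSUPP while the
 * map is still NULL, so the hypercall fails instead of the host. */
int pv_send_ipi_patched(struct kvm *kvm, unsigned long low, unsigned long high,
                        unsigned min, int vector)
{
    struct kvm_apic_map *map = kvm->apic_map;
    if (!map)
        return -EOPNOTSUPP;
    if (min > map->max_apic_id)
        return 0;
    return send_bitmap(map, low, min, vector) +
           send_bitmap(map, high, min + CLUSTER_SIZE, vector);
}

/* Constructed VM with four vcpus (APIC ids 0..3); the guest asks for an IPI
 * to ids 1 and 3. Returns what the hypercall would return to the guest.
 * Calling the unpatched variant with map_ready == false reproduces the crash. */
int demo_ipi(bool patched, bool map_ready)
{
    struct vcpu cpus[4] = { {0, 0}, {1, 0}, {2, 0}, {3, 0} };
    struct kvm_apic_map map = { .max_apic_id = 3 };
    struct kvm kvm = { .apic_map = NULL };
    for (int i = 0; i < 4; i++)
        map.phys_map[i] = &cpus[i];
    if (map_ready)
        kvm.apic_map = &map;
    unsigned long low = (1UL << 1) | (1UL << 3);
    return patched ? pv_send_ipi_patched(&kvm, low, 0, 0, 0xf3)
                   : pv_send_ipi_unpatched(&kvm, low, 0, 0, 0xf3);
}
```

With the map present both variants deliver two IPIs; with the map absent only the patched variant returns an error to the guest, which is the whole content of the fix. The same check-before-use discipline applies to the ioapic case of CVE-2018-19407.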

Another vulnerability affecting the Linux kernel: CVE-2018-18955

Separately, a vulnerability (CVE-2018-18955) was also found this week in the code that translates uid/gid values from a user namespace to the kernel's global identifier set. It allows an unprivileged user who holds administrator privileges inside an isolated container (CAP_SYS_ADMIN in that namespace) to bypass security restrictions and access resources outside the current identifier namespace.

For example, when a filesystem is shared between the container and the host environment, the contents of the host's /etc/shadow file can be read by accessing its inode directly.

The vulnerability is present in distributions that use kernel 4.15 and newer, for example Ubuntu 18.04 and Ubuntu 18.10, Arch Linux and Fedora (kernel 4.19.2 with the fix is already available on Arch and Fedora).

RHEL and SUSE are not affected. On Debian and Red Hat Enterprise Linux, user namespace support is not enabled by default, whereas Ubuntu and Fedora ship with it enabled.

The vulnerability stems from a bug in the Linux 4.15 kernel code that was introduced in October of last year.

The problem was fixed in versions 4.18.19, 4.19.2 and 4.20-rc2.

The vulnerability lies in the map_write() function defined in the file kernel/user_namespace.c and is caused by incorrect handling of nested user namespaces that use more than 5 UID or GID ranges.

Under these conditions, the translation of uid/gid identifiers from the namespace to the kernel (the forward map) is done correctly, but the reverse conversion (the backward map, from the kernel to the identifier namespace) is not.

This produces a situation in which user ID 0 (root) is correctly mapped to kernel identifier 0 during the forward conversion, but the reverse conversion used by the inode_owner_or_capable() and privileged_wrt_inode_uidgid() checks does not reflect the real state.

As a result, when an inode is accessed, the kernel assumes that the user has the required rights, even though identifier 0 does not belong to the top-level set of user IDs but to a different namespace.
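The forward/reverse asymmetry described above is easiest to see with the two lookup tables side by side. The following is an added model of the id-mapping tables in kernel/user_namespace.c, not the kernel's own code: it builds a nested namespace map in the order used by kernels 4.15 to 4.19.2 (clone the extents into the reverse table first, then translate only the forward copy to kernel ids) and in the fixed order (translate, then clone), and resolves kernel uid 0 through each. The host-to-container mapping (container ids 0..65535 as kernel ids 100000..165535), the six nested extents, and the function and field names are constructed assumptions; sorting of the tables is omitted because the lookups scan linearly.

```c
#include <stdbool.h>

/* Added model of the id-mapping tables in kernel/user_namespace.c (not the
 * kernel's code). One extent maps `count` ids starting at `first` in a
 * namespace to `count` ids starting at `lower_first` in its parent; by the
 * time map_write() finishes, lower_first must hold kernel-global ids. */
#define MAX_EXTENTS 340
#define INVALID_ID  0xFFFFFFFFu

struct extent { unsigned first, lower_first, count; };

struct uid_gid_map {
    int nr;
    struct extent forward[MAX_EXTENTS]; /* namespace id -> kernel id */
    struct extent reverse[MAX_EXTENTS]; /* kernel id -> namespace id */
};

/* map_id_range_down(): namespace id -> kernel-global id via the forward map. */
static unsigned map_id_down(const struct uid_gid_map *m, unsigned id)
{
    for (int i = 0; i < m->nr; i++) {
        const struct extent *e = &m->forward[i];
        if (id >= e->first && id - e->first < e->count)
            return e->lower_first + (id - e->first);
    }
    return INVALID_ID;
}

/* map_id_up(): kernel-global id -> namespace id via the reverse map. This is
 * the lookup behind kuid_has_mapping(), and so behind the
 * inode_owner_or_capable() and privileged_wrt_inode_uidgid() checks. */
static unsigned map_id_up(const struct uid_gid_map *m, unsigned kid)
{
    for (int i = 0; i < m->nr; i++) {
        const struct extent *e = &m->reverse[i];
        if (kid >= e->lower_first && kid - e->lower_first < e->count)
            return e->first + (kid - e->lower_first);
    }
    return INVALID_ID;
}

/* Clone the forward extents into the reverse array. The kernel also sorts
 * both arrays at this point; that path is only taken for maps with more
 * than 5 extents. Sorting is omitted here because the lookups above scan
 * linearly. */
static void clone_reverse(struct uid_gid_map *m)
{
    for (int i = 0; i < m->nr; i++)
        m->reverse[i] = m->forward[i];
}

/* Rewrite each forward extent's lower_first from parent-namespace ids to
 * kernel-global ids using the parent's own map. */
static void lower_to_kernel(struct uid_gid_map *m, const struct uid_gid_map *parent)
{
    for (int i = 0; i < m->nr; i++)
        m->forward[i].lower_first = map_id_down(parent, m->forward[i].lower_first);
}

/* Constructed scenario: the host gives the container namespace ids 0..65535
 * as kernel ids 100000..165535, and root inside the container creates a
 * nested namespace with six extents (one more than UID_GID_MAP_MAX_BASE_EXTENTS). */
static const struct extent container_extents[] = { {0, 100000, 65536} };
static const struct extent nested_extents[] = {
    {0, 0, 1}, {1, 1, 1}, {2, 2, 1}, {3, 3, 1}, {4, 4, 1}, {5, 5, 65531},
};

/* `buggy` reproduces the 4.15..4.19.2 order: clone first, then translate only
 * the forward copy, so the reverse copy keeps parent-namespace ids. The fixed
 * order translates before cloning. */
static void build_nested(struct uid_gid_map *nested, bool buggy)
{
    struct uid_gid_map container = { .nr = 1 };
    container.forward[0] = container_extents[0];
    clone_reverse(&container); /* its lower ids are already kernel ids */

    nested->nr = 6;
    for (int i = 0; i < 6; i++)
        nested->forward[i] = nested_extents[i];
    if (buggy) {
        clone_reverse(nested);
        lower_to_kernel(nested, &container);
    } else {
        lower_to_kernel(nested, &container);
        clone_reverse(nested);
    }
}

/* Forward translation as seen from the nested namespace: correct in both orders. */
unsigned nested_to_kernel(unsigned id, bool buggy)
{
    struct uid_gid_map nested;
    build_nested(&nested, buggy);
    return map_id_down(&nested, id);
}

/* Reverse translation: under the buggy order kernel uid 0 (host root, the owner
 * of /etc/shadow) resolves to nested uid 0 instead of having no mapping at all. */
unsigned kernel_to_nested(unsigned kid, bool buggy)
{
    struct uid_gid_map nested;
    build_nested(&nested, buggy);
    return map_id_up(&nested, kid);
}
```

In the buggy order, nested uid 0 still resolves forward to kernel uid 100000, so the process genuinely is not host root; but the reverse table claims that kernel uid 0 is mapped in the nested namespace, which is exactly what kuid_has_mapping() asks before the capability checks on a root-owned inode are allowed to succeed. In the fixed order kernel uid 0 has no mapping in the nested namespace and the checks fail as they should.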

