Munguva yevhiki ino, mamwe mhinduro kumatambudziko akasiyana siyana neLinux Kernel aburitswa, asi mamwe mashoma akawanikwawo, ayo Wanpeng Li achangobva kuwana mbiri yekuramba sevhisi (DOS) muLinux kernel.
Nezvo izvi inobvumira varwisi vemuno kuti vashandise null pointer kunongedzera chikanganiso kutanga mamiriro eDOS.
Yekutanga kunetseka, ine nhamba CVE-2018-19406 pane zvakajairika kusagadzikana uye kufumurwa, Iyo irimo muLinux kernel kvm_pv_send_ipi basa, iro rinotsanangurwa mufaira arch / x86 / kvm / lapic.c.
Iyo CVE-2018-19406 kunetsekana kuripo muLinux Kernel 4.19.2, ichibvumira uyo anorwisa kuti ashandise akawandisa masisitimu anoshevedza pazvigadzirwa zvisina kugadziriswa kuti awane DOS mamiriro. Chikonzero cheichi dambudziko ndechekukundikana kweAdvanced Programmable Interrupt Controller (APIC) kutanga zvakanaka.
Wanpeng Li akanyora kuti:
"Chikonzero ndechekuti iyo apic mepu haisati yatangwa, testcase inomutsa pv_send_ipi interface ne vmcall, izvo zvinoguma ne kvm-> arch.apic_map isiri kutaurwa. "Ichi chigamba chinogadzirisa nekutarisa kana iyo apic mepu iri YEMAHARA kana kwete uye nekukasira kana zvirizvo."
Kusava panjodzi kwechipiri kwakawanikwa na Wanpeng Li kunogumira pamamiriro ezvinhu apo munhu anorwisa anogona kuwana mudziyo.
Iyi nyaya yakaverengerwa CVE-2018-19407 mune yenyika kudzvinyirirwa dhatabhesi uye inowanikwa muvcpu_scan_ioapic basa mune arch / x86 / kvm / x86.c muLinux kernel 4.19.2, ichibvumira vashandisi vemuno kukonzera kuramba kwebasa (NULL pointer) kutsauka uye BUG) kuburikidza neyakagadzirirwa sisitimu mafoni anosvika pamamiriro ezvinhu ioapic isati yatanga.
Zvakare kumwe kunetseka kunokanganisa Linux Kernel CVE-2018-18955
Ukuwo, zvakare mukufamba kwesvondo rino kushupika kwakaonekwa (CVE-2018-18955) mune iyo uid / gid kodhi yekushandura kubva kune yemushandisi namespace.
Kune chikuru chinongedzo chakaiswa, icho Inobvumidza mushandisi-asina rombo rakanakirwa nemutariri rombo mumudziyo uri wega (CAP_SYS_ADMIN) kudarika zvigaro zvekuchengetedza uye kuwana zviwanikwa kunze kwenzvimbo yezita yechiratidzo chazvino.
Semuenzaniso, kana iwe ukashandisa yakagovaniswa faira sisitimu mumudziyo nenzvimbo yevagari, unogona kuverenga zvirimo mu / etc / mumvuri faira munzvimbo huru nharaunda kuburikidza neakananga kukumbira i-node.
Dambudziko iri riripo mukuparadzira uchishandisa kernel 4.15 uye zvitsva zvinyorwa, semuenzaniso muUbuntu 18.04 uye Ubuntu 18.10, Arch Linux neFedora (kernel 4.19.2 ine fix yatove kuwanikwa muArch neFedora).
RHEL uye SUSE haina kukanganiswa. PaDebian neRed Hat Enterprise Linux, rutsigiro rwemushandisi nzvimbo harugoneswe nekutadza, asi rwunowanikwa muUbuntu neFedora.
Iyo kushushikana kunokonzerwa nedhigi muLinux kernel kodhi 4.15, yakaunzwa muna Gumiguru gore rapfuura.
Dambudziko rakagadziriswa mushanduro 4.18.19, 4.19.2 uye 4.20-rc2.
Kunetseka Iyo irimo mu map_write () basa rinotsanangurwa mu kernel faira /user_namespace.c, uye zvinokonzereswa nekusagadziriswa kwekugadziriswa kwenzvimbo yekuzivisa mushandisi nzvimbo dzinoshandisa anopfuura mashanu eUID kana maGID masosi.
Pasi pemamiriro aya, kushandurwa kwemazita euid / gid kubva pazita rezita kuenda kune kernel (mepu yepamberi) anoshanda nemazvo, asi hazviitwe panguva yekushandurwa kwekutendeuka (mepu inodzosera kumashure, kubva kune kernel kuenda kunzvimbo yekuzivisa).
Mamiriro ezvinhu anomuka apo mushandisi ID 0 (mudzi) yakanyatso rongedzwa kuratidza 0 mune kernel panguva yekushandurwa kwakananga, asi haina kuratidza mamiriro chaiwo panguva yekushandurwa shanduko inoshandiswa mu inode_owner_or_capable () uye neropafadzo_wrt_inode_uidgid () macheki.
Naizvozvo, kana uchinge wawana inode, iyo kernel inofunga kuti mushandisi ane masimba akakodzera, kunyangwe hazvo iyo yekuzivisa 0 haina kushandiswa kubva kune huru seti yemushandisi id, asi kubva kune yakasarudzika namespace.