Three vulnerabilities were found in Linux

If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or, more generally, cause problems.

A few days ago, information was released about three vulnerabilities in Linux that are considered important, even with CVSS scores of 7.8. They allow an unprivileged user on the system to execute code, and one of them has been present since Linux 3.13.

The vulnerabilities were detected several weeks ago, and they were disclosed in line with the grace period set so that developers could fix the flaws in the Linux kernel.

Of the three vulnerabilities in the Linux kernel, two affect the kernel in general, while the third affects Ubuntu (although it is also noted that it may affect other distributions).

Local privilege escalation use-after-free vulnerability

The first of the vulnerabilities detected is CVE-2023-31248, a vulnerability in the Netfilter subsystem that allows a local user to execute their code at kernel level.

The vulnerability is described as an access to memory after it has been freed (use-after-free) in the nf_tables module, which provides the nftables packet filter. It is caused by the lack of a proper check of the chain state while a chain lookup is processed by the function nft_chain_lookup_byid, which does not rule out returning a reference to an nf_tables chain that is no longer valid.

For the attack to succeed, access to nftables is required. This can be obtained with CAP_NET_ADMIN rights in any user namespace or network namespace, which can be granted, for example, in isolated containers.

The vulnerability has been present since kernel 5.9 (the code that caused it was not backported to earlier LTS kernel branches), and the fix is available only as a patch. A workaround offered to mitigate the issue notes that the vulnerable code can be prevented from loading by blacklisting the kernel netfilter module.

Bad pointer privilege escalation vulnerability in nftables

The second vulnerability detected is CVE-2023-35001, a vulnerability in the nf_tables module that allows a local user to execute their code at kernel level. The vulnerability is due to incorrect pointer manipulation when processing nft_byteorder expressions, which can lead to access to a memory area beyond the end of the array.

Exploitation requires CAP_NET_ADMIN rights, and an attacker can use this vulnerability to escalate privileges and execute arbitrary code in the kernel.

Regarding the vulnerability, it is mentioned that a related verification error allows an attacker with CAP_NET_ADMIN to cause a memory space problem due to data alignment.

The issue is said to have been present since kernel 3.13, and so far it has only been fixed in the form of a patch.

Privilege escalation vulnerability in Ubuntu

The last of the vulnerabilities is CVE-2023-1829, a vulnerability in the tcindex traffic classifier, which is part of the QoS (Quality of Service) subsystem of the Linux kernel.

As such, the vulnerability is said to allow an unprivileged local user to execute arbitrary code at Linux kernel level.

The ability to exploit the vulnerability has been demonstrated on Ubuntu. The problem is caused by failing to check that an object exists before performing the operation that frees the memory associated with it, which leads to a double call to the free() function.

The issue is fixed by removing the tcindex kernel module starting with the 6.3 branch, which is included with the Ubuntu and Debian kernel.

Finally, it is mentioned that the vulnerability was fixed in April, and that as a further security workaround the automatic loading of the cls_tcindex module can be disabled by adding the file /etc/modprobe.d/blacklist-tcindex.conf with the line "blacklist cls_tcindex".
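An added example, not code from the article or from the kernel project: a POSIX shell audit of the two module-blacklisting workarounds described above (the netfilter module and cls_tcindex). The function names and the blocked/blacklisted/unrestricted labels are this example's own, and the sample files are constructed. It also recognizes modprobe.d's `install <module> /bin/false` override, which the article does not mention, because a plain `blacklist` line only suppresses alias-based autoloading.

```shell
#!/bin/sh
# Added example: report the modprobe.d policy for a module such as cls_tcindex.
# Function names and the policy labels are this example's own, not modprobe's.

# modprobe treats '-' and '_' in module names as equivalent
norm() { printf '%s' "$1" | tr '-' '_'; }

# module_load_policy MODULE DIR...
#   blocked      an "install MODULE /bin/false" (or /bin/true) override exists
#   blacklisted  only "blacklist MODULE": alias-based autoloading is ignored,
#                but an explicit "modprobe MODULE" still loads the module
#   unrestricted no matching directive in any DIR/*.conf
module_load_policy() {
    mod=$(norm "$1"); shift
    policy=unrestricted
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            # "|| [ -n "$kw" ]" keeps a final line that lacks a newline
            while read -r kw name cmd rest || [ -n "$kw" ]; do
                [ "$(norm "$name")" = "$mod" ] || continue
                case "$kw:$cmd" in
                    blacklist:*) [ "$policy" = blocked ] || policy=blacklisted ;;
                    install:/bin/false|install:/bin/true) policy=blocked ;;
                esac
            done < "$f"
        done
    done
    printf '%s\n' "$policy"
}

# module_is_loaded MODULE [FILE]   (FILE defaults to /proc/modules)
module_is_loaded() {
    grep -q "^$(norm "$1") " "${2:-/proc/modules}" 2>/dev/null
}

# Constructed sample: the file name and line given in the article, plus a
# made-up /proc/modules entry for nf_tables.
demo=$(mktemp -d)
printf 'blacklist cls_tcindex\n' > "$demo/blacklist-tcindex.conf"
printf 'nf_tables 249856 0 - Live 0x0000000000000000\n' > "$demo/modules"
echo "cls_tcindex policy: $(module_load_policy cls_tcindex "$demo")"
module_is_loaded nf_tables "$demo/modules" && echo "nf_tables is loaded"
module_is_loaded cls_tcindex "$demo/modules" || echo "cls_tcindex is not loaded"
rm -rf "$demo"
```

On a live system, call `module_load_policy cls_tcindex /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d` and `module_is_loaded cls_tcindex`; a module that is already loaded stays loaded until it is removed or the host reboots, whatever the policy says.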

