BleedingTooth: a vulnerability in BlueZ that allows remote code execution

Google engineers disclosed in a post that they had identified a serious vulnerability (CVE-2020-12351) in the "BlueZ" Bluetooth stack used in Linux distributions and Chrome OS.

The vulnerability, codenamed BleedingTooth, allows an unauthorized attacker to execute their own code at the Linux kernel level, without user intervention, by sending specially crafted Bluetooth packets.

The problem can be exploited by an attacker who is within Bluetooth range. In addition, no prior pairing between the attacking device and the victim is required; the only condition is that Bluetooth must be active on the computer.

About the vulnerability

For an attack, it is enough to know the MAC address of the victim's device, which can be determined by sniffing or, on some devices, calculated from the Wi-Fi MAC address.

The vulnerability is present in the components that process L2CAP (Logical Link Control and Adaptation Protocol) packets at the Linux kernel level.

By sending a specially crafted L2CAP packet with additional data for the A2MP channel, an attacker can overwrite an area outside the mapped memory, which can be used to create an exploit that executes arbitrary code at the kernel level.

When a packet specifies a CID other than L2CAP_CID_SIGNALING, L2CAP_CID_CONN_LESS, and L2CAP_CID_LE_SIGNALING, the l2cap_data_channel() handler is called in BlueZ, which for channels in the L2CAP_MODE_ERTM modes calls the sk_filter() filter. For packets with the CID L2CAP_CID_A2MP there is no channel, so to create one the a2mp_channel_create() function is called, which uses the type "struct amp_mgr" when processing the chan->data field, whereas the type of this field must be "struct sock".
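The type mix-up described above, reduced to a toy user-space model (an added example, not kernel code and not from the original post). All `toy_*` names, the `owner` tag and the `recv_*` functions are hypothetical; the tag check shows one defensive pattern for an untyped `data` pointer and is not the kernel's actual fix.

```c
#include <stddef.h>
#include <stdio.h>

enum toy_owner { OWNER_SOCK, OWNER_AMP_MGR };   /* hypothetical type tag */

struct toy_sock    { int (*filter)(const void *pkt, size_t len); };
struct toy_amp_mgr { unsigned long refcount; unsigned char ident; };

struct toy_chan {
    enum toy_owner owner;  /* records what data really points to       */
    void *data;            /* untyped back-pointer, as in the passage  */
};

static int accept_all(const void *pkt, size_t len) { (void)pkt; (void)len; return 0; }

/* Pattern from the text: the receive path assumes data is a socket. */
int recv_unchecked(struct toy_chan *c, const void *pkt, size_t len)
{
    struct toy_sock *sk = c->data;      /* wrong if owner is OWNER_AMP_MGR */
    return sk->filter(pkt, len);
}

/* Hardened form: validate the tag before interpreting data. */
int recv_checked(struct toy_chan *c, const void *pkt, size_t len)
{
    if (c == NULL || c->data == NULL || c->owner != OWNER_SOCK)
        return -1;                      /* drop instead of mis-casting */
    return ((struct toy_sock *)c->data)->filter(pkt, len);
}

/* Constructed sample objects; returns 1 when both paths behave as intended. */
int demo(void)
{
    static const unsigned char pkt[4] = { 0 };   /* constructed packet bytes */
    struct toy_sock sk = { accept_all };
    struct toy_amp_mgr mgr = { 1, 0 };
    struct toy_chan ertm = { OWNER_SOCK, &sk };
    struct toy_chan a2mp = { OWNER_AMP_MGR, &mgr };

    return recv_checked(&ertm, pkt, sizeof pkt) == 0 &&
           recv_unchecked(&ertm, pkt, sizeof pkt) == 0 &&  /* safe only here */
           recv_checked(&a2mp, pkt, sizeof pkt) == -1;     /* mismatch dropped */
}

int main(void)
{
    printf("checked path ok: %d\n", demo());
    return 0;
}
```

`recv_unchecked` is deliberately never called on the `a2mp` channel: doing so would interpret the manager object's bytes as a function pointer, which is the class of bug the passage describes.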

The vulnerability has been present since Linux kernel 4.8 and, despite Intel's claims, it is not addressed in the recently released version 5.9.

Matthew Garrett, a well-known Linux kernel developer who received an award from the Free Software Foundation for his contribution to the development of free software, says that the information in Intel's report is incorrect and that kernel 5.9 does not include the proper fixes for the vulnerability (the patches were included in the linux-next branch, not the 5.9 branch).

He also expressed outrage at Intel's vulnerability disclosure policy: Linux distribution developers were not notified of the problem before the report was published and had no opportunity to backport the patches to their kernel packages in advance.

In addition, two other vulnerabilities in BlueZ were reported:

  • CVE-2020-24490 - A buffer overflow in the HCI parsing code (hci_event.c). A remote attacker can achieve a buffer overflow and code execution at the Linux kernel level by sending broadcast announcements. The attack is only possible on devices that support Bluetooth 5, when scan mode is active on them.
  • CVE-2020-12352: A stack information leak during the processing of an A2MP packet. The problem can be exploited by an attacker who knows the MAC address of a device to retrieve data from the kernel stack, which could contain sensitive information such as encryption keys. The stack can also contain pointers, so the issue can be used to determine the memory layout and bypass KASLR (address randomization) protection when exploiting other vulnerabilities.

Finally, the publication of an exploit prototype to confirm the problem has been announced.

In the distributions, the problem remains unpatched (Debian, RHEL (the vulnerability is confirmed in RHEL versions from 7.4), SUSE, Ubuntu, Fedora).

The Android platform is not affected by the problem, as it uses its own Bluetooth stack, based on code from Broadcom's BlueDroid project.

If you want to know more about this vulnerability, you can consult the details at the following link.



  1.   Aron said

    The fight against vulnerabilities will never end; it is a topic that will always be present. Every day hackers will look for more ways to carry out cyber attacks. Nothing is perfect; there will always be a percentage of vulnerability. That is why every day we must keep working to fight these attacks.