On March 12, cybersecurity researchers GRIMM published information on three interesting bugs in the Linux kernel. In code that has been ignored for about 15 years. Fortunately, no one seems to have been looking closely at the code all this time; at least not so hard as to spot mistakes. The CVEs listed below have already been fixed.
CVE-2021-27365. - sprintf().
CVE-2021-27363. - ID.
CVE-2021-27364. , .
iSCSI: , SCSI : SCSI, , .
iSCSI SCSI , , , : « , iSCSI: ».
, , – , , .
, , , (, , ) Linux lib/modules
; , , , .
: , Linux, 7 2021 : 5.11.4, 5.10.21, 5.4.103, 4.19.179, 4.1.4.224, 4.9.260, 4.4.260. , , , . , uname -r
Linux 4500 :
root@slack:/lib/modules/5.10.23# find . -name '*.ko'
./kernel/arch/x86/crypto/aegis128-aesni.ko
./kernel/arch/x86/crypto/blake2s-x86_64.ko
./kernel/arch/x86/crypto/blowfish-x86_64.ko
[...4472 lines deleted...]
./kernel/sound/usb/usx2y/snd-usb-usx2y.ko
./kernel/sound/x86/snd-hdmi-lpe-audio.ko
./kernel/virt/lib/irqbypass.ko
#
, Tascam Ux2y (, US122, US224, US428), , , - snd-usb-usx2y.ko
.
, , , , - , , .
, GRIMM . , , :
, .
, , , .
, , .
, , .
, , iSCSI . , , iSCSI, , .
, ( Heartbleed?), . , "" , RAM: , .
, sprintf()
. , formatted print into string – , , . :
char buf[64]; /* Reserve a 64-byte block of bytes */
char *str = "42"; /* Actually has 3 bytes, thus: '4' '2' NUL */
/* Trailing zero auto-added: 0x34 0x32 0x00 */
sprintf(buf,"Answer is %s",str)
buf, 12 "Answer is 42", ASCII NUL, 64- – 51 .
sprintf()
: , . , str
54 , , "Answer is" buf..
, str
: C , str
, , .
, . snprintf()
: N , snprintf()
.
- .
: ID ID, 1, 2, 3 .
, , : « , : , , , , RAM?» ( ).
, , - , , , , , .
KASLR, kernel address space layout randomisation ( ), , .
- ( , : ), , , .
, , , , .
?
. , . , .
. , . IDE , « C-», , . .
, . Linux
kernel.modules_disable=1
, , ; , . . :
sysctl -w kernel.modules_disable=1 echo 1 > /proc/sys/kernel/modules_disable
, , . , , , . .
