A bug was found in the rtlwifi driver that affects the Linux kernel


A bug was recently reported in "rtlwifi", the driver included in the Linux kernel for wireless adapters based on Realtek chips. It has already been catalogued as a vulnerability (CVE-2019-17666). The flaw could be exploited to achieve code execution in the kernel context when specially crafted frames are sent.

The vulnerability is caused by a buffer overflow in the code that implements P2P (Wi-Fi Direct) mode. When NoA (Notice of Absence) frames are parsed, there is no size check on one of the values, which allows the tail of the data to be written beyond the end of the buffer and to overwrite information in the kernel structures that follow the buffer.

This excess data corrupts the adjacent memory and can alter other data, opening the door to malicious attacks. This particular flaw could allow attackers to launch a range of attacks, from crashing vulnerable Linux machines to taking complete control of them.

The attack can be carried out by sending specially crafted frames to a system with an active network adapter based on a Realtek chip that supports Wi-Fi Direct, a technology that lets two wireless adapters establish a direct connection without an access point.

To exploit the problem, the attacker does not need to be connected to the wireless network, and no user action is required; it is enough for the attacker to be within range of the target's wireless signal.

The vulnerable part of the rtlwifi driver is a feature called Notice of Absence. This protocol helps devices automatically turn off their radio to save power. The flaw lies in how the driver handles Notice of Absence packets: it does not verify that certain packets have an appropriate length, so an attacker can add specific pieces of information that cause the system to crash.
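The size check described above, as a minimal C sketch added here for illustration; it is not the rtlwifi source. The struct, function and constant names are hypothetical, the two-entry capacity is an assumption, and the 13-byte descriptor layout follows the Wi-Fi P2P Notice of Absence attribute format.

```c
#include <stddef.h>
#include <stdint.h>

#define NOA_HDR_LEN  2   /* Index + CTWindow/OppPS bytes */
#define NOA_DESC_LEN 13  /* count(1) + duration(4) + interval(4) + start(4) */
#define MAX_NOA_DESC 2   /* assumed capacity of the fixed-size state below */

struct noa_state {       /* hypothetical stand-in for the driver's P2P state */
    uint8_t  count[MAX_NOA_DESC];
    uint32_t duration[MAX_NOA_DESC];
    uint32_t interval[MAX_NOA_DESC];
    uint32_t start[MAX_NOA_DESC];
    uint32_t canary;     /* models the kernel data that follows the buffer */
};

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the number of descriptors stored, or -1 if the attribute is malformed. */
int parse_noa(const uint8_t *attr, size_t avail, uint16_t noa_len,
              struct noa_state *st)
{
    /* noa_len is read from the frame (untrusted): bound it by the bytes received */
    if (noa_len < NOA_HDR_LEN || noa_len > avail)
        return -1;
    if ((noa_len - NOA_HDR_LEN) % NOA_DESC_LEN != 0)
        return -1;       /* body must be a whole number of descriptors */
    size_t n = (noa_len - NOA_HDR_LEN) / NOA_DESC_LEN;
    if (n > MAX_NOA_DESC)
        return -1;       /* the kind of size check the article says was missing */
    for (size_t i = 0; i < n; i++) {
        const uint8_t *d = attr + NOA_HDR_LEN + i * NOA_DESC_LEN;
        st->count[i]    = d[0];
        st->duration[i] = rd_le32(d + 1);
        st->interval[i] = rd_le32(d + 5);
        st->start[i]    = rd_le32(d + 9);
    }
    return (int)n;
}

int main(void)
{
    uint8_t oversized[NOA_HDR_LEN + 5 * NOA_DESC_LEN] = {0}; /* constructed input */
    struct noa_state st = {0};
    /* exit status 0 means the oversized attribute was rejected */
    return parse_noa(oversized, sizeof oversized, (uint16_t)sizeof oversized, &st) == -1 ? 0 : 1;
}
```

Without the `n > MAX_NOA_DESC` check, the loop would index past the two-entry arrays and overwrite whatever follows them, which is the failure mode the article describes.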

Nico Waisman, a principal security engineer at GitHub, told Ars that "the bug is serious." "It's a vulnerability that triggers an overflow remotely through Wi-Fi on the Linux kernel, as long as you're using the Realtek (RTLWIFI) driver."

"I found this bug on Monday. An overflow in the Linux rtlwifi driver in P2P (Wi-Fi Direct), while parsing Notice of Absence frames. The bug has been around for at least 4 years," Waisman explained on Twitter.

The working exploit prototype is so far limited to remotely triggering a kernel crash, but the nature of the vulnerability does not rule out the possibility of code execution. This is only an assumption for now, since no prototype exploit that executes code exists yet, but the researcher who found the problem is working on creating one.

"I'm still working on exploitation, and it will definitely ... take some time (of course, it might not be possible)," he wrote in a direct message. "On paper, this is an overflow that should be exploitable. Worst case, this is a denial of service; best case, you get a shell," Nico Waisman told Ars.

It is important to note that the vulnerability only affects Linux devices that use a Realtek chip, and only when Wi-Fi is turned on. The flaw cannot be exploited if Wi-Fi is off or if the device uses a Wi-Fi chip from another manufacturer.

This problem is not new: it has been present since Linux kernel 3.12 (although according to other sources, it has been present since Linux kernel 3.10), which was released in 2013. They also commented that the vulnerability probably affects the Android platform.

The fix is currently available as a patch. In distributions, the problem remains unfixed.

For those interested in following the fix, you can track the resolution of the vulnerability in distributions on these pages: Debian, SUSE / openSUSE, RHEL, Ubuntu.

