\u8fd9\u4e9b\u5b89\u5168\u6f0f\u6d1e\u53ea\u80fd\u5728\u672c\u5730\u88ab\u5229\u7528\uff0c\u8fd9\u610f\u5473\u7740\u6f5c\u5728\u7684\u653b\u51fb\u8005\u5c06\u4e0d\u5f97\u4e0d\u901a\u8fc7\u5229\u7528\u53e6\u4e00\u4e2a\u6f0f\u6d1e\u6216\u4f7f\u7528\u5176\u4ed6\u653b\u51fb\u8f7d\u4f53\u6765\u8bbf\u95ee\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u3002<\/p>\n

15\u5e74\u4e4b\u4e45\u7684 Linux \u5185\u6838\u6f0f\u6d1e<\/strong><\/div>\n
\u8fd9\u4e9b\u6f0f\u6d1e\u5728 2006\u5e74 iSCSI \u5185\u6838\u5b50\u7cfb\u7edf\u7684\u521d\u59cb\u5f00\u53d1\u9636\u6bb5\u5c31\u88ab\u5f15\u5165\uff0c\u5982\u4eca\u65f6\u9694 15 \u5e74\uff0cGRIMM \u7684\u7814\u7a76\u4eba\u5458\u7ec8\u4e8e\u53d1\u73b0\u4e86\u8fd9\u4e9b\u6f0f\u6d1e\u3002<\/p>\n
\u6839\u636e GRIMM \u5b89\u5168\u7814\u7a76\u5458 Adam Nichols \u7684\u8bf4\u6cd5\uff0c\u8fd9\u4e9b\u6f0f\u6d1e\u5f71\u54cd\u4e86\u6240\u6709\u7684 Linux \u53d1\u884c\u7248\uff0c\u4f46\u5e78\u8fd0\u7684\u662f\uff0c\u53d7\u5f71\u54cd\u7684 scsi_transport_iscsi \u5185\u6838\u6a21\u5757\u5728\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u662f\u6ca1\u6709\u88ab\u52a0\u8f7d\u7684\u3002<\/p>\n
\u7136\u800c\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u9488\u5bf9\u7279\u5b9a\u7684 Linux \u53d1\u884c\u7248\u7684\u7279\u6027\uff0c\u5373\u8be5\u6a21\u5757\u53ef\u4ee5\u5728\u7279\u6b8a\u60c5\u51b5\u4e0b\u88ab\u52a0\u8f7d\u7684\u7279\u6027\uff0c\u88ab\u653b\u51fb\u8005\u5229\u7528\u5e76\u8fdb\u884c\u653b\u51fb\u3002<\/p>\n
$\"\"$ <\/p>\n
Nichols \u8865\u5145\u9053\uff1a\"\u5728 CentOS 8\u3001RHEL 8 \u548c Fedora \u7cfb\u7edf\u4e0a\uff0c\u5982\u679c\u5b89\u88c5\u4e86 rdma-core \u5305\uff0c\u975e\u7279\u6743\u7528\u6237\u53ef\u4ee5\u81ea\u52a8\u52a0\u8f7d\u6240\u9700\u6a21\u5757\u3002\u800c\u5728 Debian \u548c Ubuntu \u7cfb\u7edf\u4e0a\uff0c\u53ea\u6709\u5728 RDMA \u786c\u4ef6\u53ef\u7528\u7684\u60c5\u51b5\u4e0b\uff0crdma-core \u5305\u624d\u4f1a\u81ea\u52a8\u52a0\u8f7d\u6240\u9700\u7684\u4e24\u4e2a\u5185\u6838\u6a21\u5757\u3002\u56e0\u6b64\uff0c\u5728\u540e\u4e24\u4e2a\u7cfb\u7edf\u4e2d\u8be5\u6f0f\u6d1e\u7684\u5f71\u54cd\u8303\u56f4\u66f4\u52a0\u6709\u9650\"\u3002<\/p>\n
\u901a\u8fc7 KASLR \u7ed5\u8fc7\u83b7\u5f97 root \u6743\u9650<\/strong><\/div>\n
\u653b\u51fb\u8005\u53ef\u4ee5\u6ee5\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u6765\u7ed5\u8fc7\u6f0f\u6d1e\u963b\u6b62\u5b89\u5168\u529f\u80fd\uff0c\u5982 Kernel Address Space Layout Randomization(KASLR\uff0c\u5185\u6838\u5730\u5740\u7a7a\u95f4\u5e03\u5c40\u968f\u673a\u5316)\u3001Supervisor Mode Execution Protection (SMEP\uff0c\u4e3b\u7ba1\u6a21\u5f0f\u6267\u884c\u4fdd\u62a4)\u3001Supervisor Mode Access Prevention(SMAP\uff0c\u4e3b\u7ba1\u6a21\u5f0f\u8bbf\u95ee\u9632\u6b62)\u548c Kernel Page-Table Isolation(KPTI\uff0c\u5185\u6838\u9875\u8868\u9694\u79bb)\u3002<\/p>\n
\u8fd9\u4e09\u4e2a\u6f0f\u6d1e\u4f1a\u5bfc\u81f4\u672c\u5730\u6743\u9650\u63d0\u5347\u3001\u4fe1\u606f\u6cc4\u9732\u548c\u62d2\u7edd\u670d\u52a1\u3002<\/p>\n
\n
CVE-2021-27365\uff1a\u5806\u7f13\u51b2\u533a\u6ea2\u51fa(\u672c\u5730\u6743\u9650\u63d0\u5347\u3001\u4fe1\u606f\u6cc4\u9732\u3001\u62d2\u7edd\u670d\u52a1)<\/li>\n
CVE-2021-27363\uff1a\u5185\u6838\u6307\u9488\u6cc4\u9732(\u4fe1\u606f\u6cc4\u9732)<\/li>\n
CVE-2021-27364\uff1a\u8d8a\u754c\u8bfb\u53d6(\u4fe1\u606f\u6cc4\u9732\uff0c\u62d2\u7edd\u670d\u52a1)<\/li>\n<\/ul>\n
\u76ee\u524d\u6240\u6709\u8fd9\u4e09\u4e2a\u6f0f\u6d1e\u90fd\u5728 5.11.4\u30015.10.21\u30015.4.103\u30014.19.179\u30014.14.224\u30014.9.260 \u548c 4.4.260 \u8fdb\u884c\u4e86\u4fee\u8865\uff0c\u4fee\u8865\u7a0b\u5e8f\u5df2\u4e8e 3 \u6708 7 \u65e5\u5f00\u59cb\u5728\u4e3b\u7ebf Linux \u5185\u6838\u4e2d\u63d0\u4f9b\u3002\u5bf9\u4e8e 3.x \u548c 2.6.23 \u7b49\u4e0d\u518d\u53d7\u652f\u6301\u7684 EOL \u5185\u6838\u7248\u672c\uff0c\u5c06\u4e0d\u4f1a\u53d1\u5e03\u9488\u5bf9\u4e0a\u8ff0\u6f0f\u6d1e\u7684\u8865\u4e01\u3002<\/p>\n
\u56e0\u6b64\u5efa\u8bae\u6240\u6709 Linux \u7528\u6237\u90fd\u5c3d\u5feb\u66f4\u65b0\u7cfb\u7edf\u81f3\u4e0a\u8ff0\u7ecf\u8fc7\u6f0f\u6d1e\u4fee\u590d\u540e\u7684\u7248\u672c\uff0c\u4ee5\u514d\u8bbe\u5907\u88ab\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u8fdb\u884c\u653b\u51fb\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u8fd9\u4e9b\u5b89\u5168\u6f0f\u6d1e\u53ea\u80fd\u5728\u672c\u5730\u88ab\u5229\u7528\uff0c\u8fd9\u610f\u5473\u7740\u6f5c\u5728\u7684\u653b\u51fb\u8005\u5c06\u4e0d\u5f97\u4e0d\u901a\u8fc7\u5229\u7528\u53e6\u4e00\u4e2a\u6f0f\u6d1e\u6216\u4f7f\u7528\u5176\u4ed6\u653b\u51fb\u8f7d\u4f53\u6765\u8bbf\u95ee\u53d7\u5f71\u54cd\u7684\u8bbe […]<\/p>\n","protected":false},"author":668,"featured_media":214145,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[21],"tags":[],"class_list":["post-214143","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"acf":[],"_links":{"self":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/214143","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/users\/668"}],"replies":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/comments?post=214143"}],"version-history":[{"count":2,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/214143\/revisions"}],"predecessor-version":[{"id":214151,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/214143\/revisions\/214151"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media\/214145"}],"wp:attachment":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media?parent=214143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/categories?post=214143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/tags?post=214143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}