15 Vulnerabilities in USB Drivers Shipped in the Linux Kernel

Andrey Konovalov from Google has published a report on the discovery of a further 15 vulnerabilities (CVE-2019-19523 - CVE-2019-19537) in USB drivers shipped in the Linux kernel. This is the third batch of problems found while fuzz testing the USB stack with the syzkaller package; the same researcher had previously reported 29 vulnerabilities.

This time the list includes only vulnerabilities caused by access to memory areas that have already been freed (use-after-free) or that lead to data leaking from kernel memory. Issues that could be used to cause a denial of service are not included in the report. The vulnerabilities can potentially be exploited when specially prepared USB devices are connected to the computer. Fixes for all the problems mentioned in the report have already been included in the kernel, but some bugs that are not included in the report remain unfixed.

The most dangerous use-after-free vulnerabilities, which could lead to code execution, were fixed in the adutux, ff-memless, ieee802154, pn533, hiddev, iowarrior, mcba_usb and yurex drivers. CVE-2019-19532 additionally covers 14 vulnerabilities in HID drivers caused by errors that allow out-of-bounds writes. Problems leading to data leaking from kernel memory were found in the ttusb_dec, pcan_usb_fd and pcan_usb_pro drivers. A further issue (CVE-2019-19537), caused by a race condition, was identified in the USB stack code for working with character devices.

Also worth noting is the discovery of four vulnerabilities (CVE-2019-14895, CVE-2019-14896, CVE-2019-14897, CVE-2019-14901) in the driver for Marvell wireless chips, which can lead to an overflow. The attack can be carried out remotely by sending frames crafted in a particular way while the system is connecting to an attacker's wireless access point. The most likely threat is a remote denial of service (kernel crash), but the possibility of code execution on the system cannot be ruled out.

source: budenet.ru
