Vulnerability in the Linux kernel's USB Gadget subsystem, potentially allowing code execution

USB Gadget, a Linux kernel subsystem that provides a programming interface for creating USB client devices and software that simulates USB devices, has a vulnerability (CVE-2021-39685) that can lead to a leak of data from the kernel, a crash, or execution of arbitrary code at kernel level. The attack is carried out by an unprivileged local user through manipulation of various device classes implemented on top of the USB Gadget API, such as rndis, hid, uac1, uac1_legacy and uac2.

The problem has been fixed in the recently published Linux kernel updates 5.15.8, 5.10.85, 5.4.165, 4.19.221, 4.14.258, 4.9.293 and 4.4.295. The problem remains unfixed in distributions (Debian, Ubuntu, RHEL, SUSE, Fedora, Arch). An exploit prototype has been prepared to demonstrate the vulnerability.

The problem is caused by a buffer overflow in the data transfer request handlers of the rndis, hid, uac1, uac1_legacy and uac2 gadget drivers. By exploiting the vulnerability, an unprivileged attacker can gain access to kernel memory by sending a specially crafted control request whose wLength field value exceeds the size of the static buffer, for which 4096 bytes are always allocated (USB_COMP_EP0_BUFSIZ). During the attack, an unprivileged user-space process can read or write up to 65 KB of data in kernel memory.
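The length check that the paragraph above describes as missing, shown as a simplified user-space C model added here (it is not kernel code and not from the original article). The function names, the `EP0_STALL` return code and the policy of clamping reads and rejecting oversized writes are assumptions of this example; only `USB_COMP_EP0_BUFSIZ` and `wLength` come from the text.

```c
#include <stdint.h>
#include <stdio.h>

#define USB_COMP_EP0_BUFSIZ 4096 /* static ep0 buffer size named in the article */
#define USB_DIR_IN 0x80          /* bmRequestType bit 7 set: device-to-host (read) */
#define EP0_STALL (-1)           /* hypothetical return code: reject the request */

/* Unchecked pattern: the data-stage length is taken straight from the
 * host-controlled 16-bit wLength field, so it can reach 65535. */
int ep0_len_unchecked(uint8_t bmRequestType, uint16_t wLength)
{
    (void)bmRequestType;
    return wLength;
}

/* Checked pattern (policy chosen for this example): reads are clamped to the
 * buffer size, writes that cannot fit are rejected before any copy happens. */
int ep0_len_checked(uint8_t bmRequestType, uint16_t wLength)
{
    if (wLength <= USB_COMP_EP0_BUFSIZ)
        return wLength;
    if (bmRequestType & USB_DIR_IN)
        return USB_COMP_EP0_BUFSIZ;
    return EP0_STALL;
}

/* Number of bytes that would fall outside the buffer for a given length. */
int ep0_overrun(int len)
{
    return len > USB_COMP_EP0_BUFSIZ ? len - USB_COMP_EP0_BUFSIZ : 0;
}

int main(void)
{
    /* Constructed sample requests: {bmRequestType, wLength}. */
    const struct { uint8_t type; uint16_t len; } req[] = {
        { 0x80, 64 }, { 0x80, 65535 }, { 0x00, 4096 }, { 0x00, 4097 },
    };
    for (unsigned i = 0; i < sizeof req / sizeof req[0]; i++) {
        int raw = ep0_len_unchecked(req[i].type, req[i].len);
        int ok  = ep0_len_checked(req[i].type, req[i].len);
        printf("type=0x%02x wLength=%5u unchecked=%5d (overrun %5d) checked=%d\n",
               (unsigned)req[i].type, (unsigned)req[i].len, raw, ep0_overrun(raw), ok);
    }
    return 0;
}
```

Because wLength is a 16-bit field, its maximum of 65535 is where the "up to 65 KB" figure comes from.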

source: budenet.ru
