A vulnerability in FreeBSD's USB stack (CVE-2020-7456) allows code execution at the kernel level or in user space when a malicious USB device is connected to the system. USB HID (Human Interface Device) device descriptor elements can push and pop the current state, which allows item descriptions to be grouped into multi-level groups. FreeBSD supports up to 4 such extraction levels. If the level is not restored when processing the same HID element, an invalid memory location is accessed. The issue is fixed in FreeBSD 11.3-RELEASE-p10 and 12.1-RELEASE-p6. As a security workaround, setting the parameter "sysctl hw.usb.disable_enumeration=1" is recommended.
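A defensive check for the push/pop handling described above, added here as an example; it is not FreeBSD's code or its patch. The function and enum names are hypothetical, the item prefix encodings (Push 0xA4, Pop 0xB4, long item 0xFE) follow the USB HID specification, and the depth limit of 4 is the figure given in the text.

```c
#include <stddef.h>
#include <stdint.h>

#define HID_MAX_PUSH_DEPTH 4   /* nesting limit the article gives for FreeBSD */

enum hid_check { HID_OK = 0, HID_TRUNCATED, HID_PUSH_OVERFLOW,
                 HID_POP_UNDERFLOW, HID_UNBALANCED };

/* Walk a HID report descriptor and validate Push/Pop nesting before any
 * state stack is indexed. Rejecting unbalanced input is a strict policy. */
enum hid_check hid_check_push_pop(const uint8_t *d, size_t len)
{
    size_t i = 0;
    unsigned depth = 0;

    while (i < len) {
        uint8_t prefix = d[i++];
        size_t size;

        if (prefix == 0xFE) {            /* long item: size byte, tag byte, data */
            if (len - i < 2)
                return HID_TRUNCATED;
            size = (size_t)d[i] + 1;     /* data bytes plus the long item tag */
            i += 1;
        } else {
            size = prefix & 0x03;        /* bSize: 0, 1, 2, or 3 meaning 4 */
            if (size == 3)
                size = 4;
            if ((prefix & 0xFC) == 0xA4) {          /* Global item: Push */
                if (depth == HID_MAX_PUSH_DEPTH)
                    return HID_PUSH_OVERFLOW;
                depth++;
            } else if ((prefix & 0xFC) == 0xB4) {   /* Global item: Pop */
                if (depth == 0)
                    return HID_POP_UNDERFLOW;
                depth--;
            }
        }
        if (len - i < size)
            return HID_TRUNCATED;
        i += size;
    }
    return depth == 0 ? HID_OK : HID_UNBALANCED;
}

/* Constructed sample: Usage Page, Push, Report Size, Pop. */
static const uint8_t sample[] = { 0x05, 0x01, 0xA4, 0x75, 0x08, 0xB4 };

int main(void) { return hid_check_push_pop(sample, sizeof sample); }
```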
The vulnerability was discovered by Andy Nguyen from Google and does not overlap with the issues recently announced by researchers from Purdue University and École Polytechnique Fédérale de Lausanne. Those researchers created the USBFuzz tool, which emulates a malfunctioning USB device to fuzz-test USB drivers. USBFuzz is planned for the near future. The new tool found 26 vulnerabilities, of which 18 were in Linux, 4 in Windows, 3 in macOS and one in FreeBSD. Details of these problems have not been disclosed yet; it is mentioned that CVE identifiers have been obtained for 10 vulnerabilities, and that 11 of the problems appearing in Linux have already been fixed. A similar fuzz-testing technique is used by Andrey Konovalov from Google, in recent years on the Linux USB stack.
source: budenet.ru
