A vulnerability in FreeBSD exploitable via a malicious USB device

FreeBSD has fixed a vulnerability in the USB stack (CVE-2020-7456) that allows code execution at the kernel level or in user space when a malicious USB device is connected to the system. USB HID (Human Interface Device) device descriptors can push and pop the current state, which allows item descriptions to be grouped into multi-level groups. FreeBSD supports up to 4 such levels. If the level is not restored when processing the same HID element, an invalid memory location is accessed. The problem was fixed in FreeBSD 11.3-RELEASE-p10 and 12.1-RELEASE-p6. As a security workaround, it is recommended to set the parameter "sysctl hw.usb.disable_enumeration=1".
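A defensive check for the Push/Pop nesting described above, as an added example (not FreeBSD's code and not the actual fix): it walks a HID report descriptor and rejects a Push beyond a fixed depth, a Pop with nothing saved, and truncated items. The function name, the error codes, the sample descriptor and the reading of 4 as the number of allowed saved states are assumptions; the item encoding follows the USB HID specification.

```c
#include <stddef.h>
#include <stdint.h>

#define HID_MAX_PUSH_DEPTH 4   /* assumption: the limit quoted in the article */

/* Hypothetical result codes for this example. */
enum hid_check { HID_OK, HID_ERR_TRUNCATED, HID_ERR_PUSH_LIMIT, HID_ERR_POP_EMPTY, HID_ERR_UNBALANCED };

/* Walk a HID report descriptor and validate Push/Pop nesting. */
enum hid_check hid_check_push_pop(const uint8_t *d, size_t len)
{
    static const size_t short_size[4] = { 0, 1, 2, 4 };  /* bSize encoding */
    unsigned depth = 0;
    size_t i = 0;

    while (i < len) {
        uint8_t prefix = d[i++];
        size_t dlen;
        if (prefix == 0xFE) {              /* long item: bDataSize, bLongItemTag, data */
            if (len - i < 2)
                return HID_ERR_TRUNCATED;
            dlen = d[i];
            i += 2;
        } else {
            dlen = short_size[prefix & 0x03];
            /* Mask off the size bits: Global-type item with tag Push or Pop. */
            if ((prefix & 0xFC) == 0xA4) {         /* Push */
                if (depth == HID_MAX_PUSH_DEPTH)
                    return HID_ERR_PUSH_LIMIT;     /* would overflow the state stack */
                depth++;
            } else if ((prefix & 0xFC) == 0xB4) {  /* Pop */
                if (depth == 0)
                    return HID_ERR_POP_EMPTY;      /* would underflow the state stack */
                depth--;
            }
        }
        if (len - i < dlen)
            return HID_ERR_TRUNCATED;
        i += dlen;
    }
    /* Policy choice of this example: state left pushed at the end is rejected. */
    return depth == 0 ? HID_OK : HID_ERR_UNBALANCED;
}

/* Constructed sample: Usage Page, Push, Report Size, Pop. */
static const uint8_t sample[] = { 0x05, 0x01, 0xA4, 0x75, 0x08, 0xB4 };

int main(void)
{
    return hid_check_push_pop(sample, sizeof(sample)) == HID_OK ? 0 : 1;
}
```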

The vulnerability was discovered by Andy Nguyen of Google and does not overlap with another problem that was recently announced by researchers from Purdue University and École Polytechnique Fédérale de Lausanne. These researchers developed the USBFuzz toolkit, which simulates a malfunctioning USB device for fuzz testing of USB drivers. USBFuzz is planned to be published on GitHub soon. Using the new tool, 26 vulnerabilities were identified, of which 18 are in Linux, 4 in Windows, 3 in macOS and one in FreeBSD. Details of these problems have not yet been disclosed; it is only mentioned that CVE identifiers have been obtained for 10 vulnerabilities, and that 11 problems occurring in Linux have already been fixed. A similar fuzz-testing technique is used by Andrey Konovalov of Google, who in recent years has identified 44 vulnerabilities in the Linux USB stack.

source: budenet.ru
