ProHoster > Π‘Π»ΠΎΠ³ > xov xwm hauv internet > 15 Vulnerabilities hauv USB Drivers muab nyob rau hauv Linux Kernel

15 Vulnerabilities hauv USB Drivers muab nyob rau hauv Linux Kernel

Andrey Konovalov los ntawm Google luam tawm tshaj tawm txog kev txheeb xyuas ntawm 15 qhov tsis zoo tom ntej (CVE-2019-19523 - CVE-2019-19537) hauv USB tsav tsheb muaj nyob rau hauv Linux ntsiav. Qhov no yog qhov thib peb ntawm cov teeb meem pom thaum lub sij hawm fuzz kuaj ntawm USB pawg hauv pob syzkaller ua - tus kws tshawb fawb yav dhau los twb qhia hais txog qhov muaj 29 qhov tsis zoo.

Lub sijhawm no cov npe suav nrog tsuas yog qhov tsis zoo uas tshwm sim los ntawm kev nkag mus rau thaj chaw nco tau tso tseg (siv-tom qab-dawb) lossis ua rau cov ntaub ntawv xau los ntawm lub cim xeeb kernel. Cov teeb meem uas tuaj yeem siv los ua kom tsis lees paub kev pabcuam tsis suav nrog hauv tsab ntawv tshaj tawm. Qhov tsis muaj peev xwm tuaj yeem siv tau thaum tshwj xeeb npaj cov khoom siv USB txuas nrog lub computer. Kev kho rau tag nrho cov teeb meem uas tau hais hauv tsab ntawv ceeb toom tau suav nrog hauv cov ntsiav, tab sis qee qhov tsis suav nrog hauv tsab ntawv ceeb toom ua yuam kev tseem nyob tsis raug.

Qhov txaus ntshai tshaj plaws siv-tom qab-dawb vulnerabilities uas tuaj yeem ua rau kev tua tus lej tua tau raug tshem tawm hauv adutux, ff-memless, ieee802154, pn533, hiddev, iowarrior, mcba_usb thiab yurex tsav tsheb. CVE-2019-19532 tseem sau 14 qhov tsis zoo hauv HID tsav tsheb los ntawm kev ua yuam kev uas tso cai rau kev sau ntawv tawm. Cov teeb meem tau pom nyob rau hauv ttusb_dec, pcan_usb_fd thiab pcan_usb_pro tsav tsheb ua rau cov ntaub ntawv xau los ntawm cov ntsiav nco. Ib qho teeb meem (CVE-2019-19537) vim muaj kev sib tw sib tw tau raug txheeb xyuas hauv USB pawg code rau kev ua haujlwm nrog cov cim khoom siv.

Koj kuj tuaj yeem sau tseg
kev txheeb xyuas plaub qhov tsis zoo (CVE-2019-14895, CVE-2019-14896, CVE-2019-14897, CVE-2019-14901) hauv tus neeg tsav tsheb rau Marvell wireless chips, uas tuaj yeem ua rau muaj qhov tsis txaus. Qhov kev tawm tsam tuaj yeem ua tau los ntawm kev xa cov thav duab hauv ib txoj hauv kev thaum txuas mus rau tus neeg tawm tsam qhov chaw nkag wireless. Qhov kev hem thawj tshaj plaws yog kev tsis lees paub ntawm kev pabcuam (kernel crash), tab sis qhov ua tau ntawm cov lej ua tiav ntawm lub kaw lus tsis tuaj yeem txiav tawm.

Tau qhov twg los: opennet.ru

Ntxiv ib saib