Vulnerability in FreeBSD exploitable through a malicious USB device

FreeBSD has fixed a vulnerability in its USB stack (CVE-2020-7456) that allows code execution at the kernel level or in user space when a malicious USB device is connected to the system. USB HID (Human Interface Device) descriptors can push and pop the current state, which allows item descriptions to be grouped into multi-level groups. FreeBSD supports up to 4 such nesting levels. If the level is not restored while the same HID item is being processed, an invalid memory location is accessed. The problem is fixed in the FreeBSD 11.3-RELEASE-p10 and 12.1-RELEASE-p6 updates. As a security workaround, it is recommended to set the parameter "sysctl hw.usb.disable_enumeration=1".
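The Push/Pop bookkeeping described above can be checked before a descriptor reaches a parser that indexes state by nesting level. The following is an added example, not FreeBSD's code or its patch: the function name, result codes and sample descriptors are constructed for illustration, the item encoding follows the USB HID specification, and rejecting a descriptor that ends with unpopped state is a strict policy chosen for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define HID_MAX_PUSH 4   /* nesting limit the article states for FreeBSD */

enum hid_check { HID_OK, HID_TRUNCATED, HID_PUSH_OVERFLOW,
                 HID_POP_UNDERFLOW, HID_UNBALANCED };

/* Constructed sample descriptors (not captured from a real device). */
const uint8_t sample_ok[]        = { 0x05, 0x01, 0xA4, 0x05, 0x09, 0xB4 };
const uint8_t sample_stray_pop[] = { 0x05, 0x01, 0xB4 };
const uint8_t sample_deep[]      = { 0xA4, 0xA4, 0xA4, 0xA4, 0xA4 };

/* Walk a HID report descriptor and validate Push/Pop nesting so that a
 * later parser never indexes its state stack outside [0, HID_MAX_PUSH]. */
enum hid_check hid_check_push_pop(const uint8_t *d, size_t len)
{
    static const uint8_t short_size[4] = { 0, 1, 2, 4 };
    unsigned depth = 0;
    size_t i = 0;

    while (i < len) {
        uint8_t prefix = d[i++];
        size_t dlen;

        if (prefix == 0xFE) {            /* long item: size, tag, data */
            if (len - i < 2)
                return HID_TRUNCATED;
            dlen = d[i];
            i += 2;
        } else {
            dlen = short_size[prefix & 0x03];
            /* Global items (type 1): tag 0xA is Push, tag 0xB is Pop. */
            if ((prefix & 0xFC) == 0xA4) {
                if (depth == HID_MAX_PUSH)
                    return HID_PUSH_OVERFLOW;
                depth++;
            } else if ((prefix & 0xFC) == 0xB4) {
                if (depth == 0)
                    return HID_POP_UNDERFLOW;
                depth--;
            }
        }
        if (len - i < dlen)              /* item data runs past the buffer */
            return HID_TRUNCATED;
        i += dlen;
    }
    return depth == 0 ? HID_OK : HID_UNBALANCED;
}
```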

The vulnerability was identified by Andy Nguyen of Google and does not overlap with the other problems recently announced by researchers from Purdue University and École Polytechnique Fédérale de Lausanne. Those researchers developed the USBFuzz toolkit, which simulates an incorrectly functioning USB device for fuzz testing of USB drivers. USBFuzz is planned to be published on GitHub soon. Using the new tool, 26 vulnerabilities were identified: 18 in Linux, 4 in Windows, 3 in macOS and one in FreeBSD. Details of these problems have not yet been disclosed; it is only stated that CVE identifiers were obtained for 10 of the vulnerabilities and that 11 of the problems found in Linux have already been fixed. A similar fuzzing technique is used by Andrey Konovalov of Google, who over the past few years has identified 44 vulnerabilities in the Linux USB stack.

Source: opennet.ru
