Andrey Konovalov sitere na Google 15 adịghị ike na ndị ọkwọ ụgbọ ala USB enyere na kernel Linux. Nke a bụ nsogbu nke abụọ achọpụtara n'oge ule fuzzing - na 2017, onye nyocha a Enwere adịghị ike 14 ọzọ na ngwugwu USB. Enwere ike ịkpata nsogbu mgbe ejikọrọ ngwaọrụ USB akwadoro nke ọma na kọmputa. Mwakpo ga-ekwe omume ma ọ bụrụ na enwere ike ịnweta ngwa ahụ ma nwee ike iduga ma ọ dịkarịa ala kernel okuku, ma a pụghị iwepụ ihe ngosi ndị ọzọ (dịka ọmụmaatụ, maka mwakpo yiri nke ahụ chọpụtara na 2016). na USB ọkwọ ụgbọala snd-usbmidi gara nke ọma ime koodu na ọkwa kernel).
N'ime okwu iri na ise ahụ, edobere 15 na mmelite kernel Linux kachasị ọhụrụ, mana adịghị ike abụọ (CVE-13-2019, CVE-15290-2019) na-edobeghi na ntọhapụ ọhụrụ 15291. Ọdịmma na-adịghị ahụkebe nwere ike iduga nkwụsịtụ NULL pointer na ndị ọkwọ ụgbọ ala ath5.2.9kl na b6c2 mgbe ị na-anata data ezighi ezi site na ngwaọrụ ahụ. Ihe ọghọm ndị ọzọ gụnyere:
- Ịnweta na mpaghara ebe nchekwa a tọhapụrụlarị (iji ya emechaa n'efu) na ndị ọkwọ ụgbọala v4l2-dev / redio-raremono, dvb-usb, ụda / isi, cpia2 na p54usb;
- Ebe nchekwa na-enweghị okpukpu abụọ na ọkwọ ụgbọ ala Rio500;
- NULL pointer dereferences na yurex, zr364xx, siano/smsusb, sisusbvga, line6/pcm, motu_microbooki na line6 ọkwọ ụgbọala.
isi: opennet.ru