Mu USB Gadget, dongosolo la kernel LinuxKufooka (CVE-2021-39685) kwapezeka mu USB Gadget API, yomwe imapereka mawonekedwe a mapulogalamu opangira zida za USB za makasitomala ndi kutsanzira zida za USB. Kufooka kumeneku kungayambitse kutayikira kwa chidziwitso cha kernel, kuwonongeka, kapena kuyika ma code mosasamala pamlingo wa kernel. Kuukira kumeneku kumachitika ndi wogwiritsa ntchito wamba wopanda mwayi kudzera mu kusintha magulu osiyanasiyana a zida zomwe zimagwiritsidwa ntchito pogwiritsa ntchito USB Gadget API, monga rndis, hid, uac1, uac1_legacy, ndi uac2.
Vutoli lakonzedwa mu zosintha za kernel zomwe zafalitsidwa posachedwapa. Linux 5.15.8, 5.10.85, 5.4.165, 4.19.221, 4.14.258, 4.9.293 ndi 4.4.295. Vutoli silinathetsedwebe m'magawidwe (Debian, Ubuntu, RHEL, SUSE, Fedora, Arch). Chitsanzo cha ntchito yowonetsa kufooka kwa chipangizochi chakonzedwa.
Vutoli limadza chifukwa cha kusefukira kwa bafa muzoyendetsa zopempha zotumizira ma data mu ma driver a gadget rndis, hid, uac1, uac1_legacy ndi uac2. Chifukwa chogwiritsa ntchito pachiwopsezo, wowukira wopanda mwayi atha kupeza mwayi wokumbukira kernel potumiza pempho lapadera lowongolera lomwe lili ndi gawo la wLength lomwe limaposa kukula kwa static buffer, pomwe ma byte 4096 amaperekedwa nthawi zonse (USB_COMP_EP0_BUFSIZ). Panthawi yachiwonongeko, njira yopanda mwayi pamalo ogwiritsira ntchito imatha kuwerenga kapena kulemba mpaka 65 KB ya data mu kernel memory.
Source: opennet.ru
