Vulnerability in FreeBSD exploitable via a malicious USB device

FreeBSD has fixed a vulnerability in its USB stack (CVE-2020-7456) that allows code execution at the kernel level or in user space when a malicious USB device is connected to the system. USB HID (Human Interface Device) descriptors can push and pop the current state, which allows item descriptions to be grouped into multi-level groups. FreeBSD supports up to 4 such levels. If the level is not restored while processing the same HID item, an invalid memory location is accessed. The problem was fixed in the FreeBSD 11.3-RELEASE-p10 and 12.1-RELEASE-p6 updates. As a security workaround, it is recommended to set the parameter "sysctl hw.usb.disable_enumeration=1".
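The Push/Pop nesting described above can be checked before a descriptor reaches a parser that keeps a fixed-size state stack. The following is an added example, not FreeBSD's code and not the actual fix: the function and enum names are hypothetical, the item encoding follows the USB HID specification, the depth limit of 4 comes from the article, and rejecting a descriptor that ends with an open Push is a strict policy choice of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Depth limit taken from the article: FreeBSD supports up to 4 levels. */
#define HID_MAX_PUSH_DEPTH 4

enum hid_check { HID_OK, HID_TRUNCATED, HID_POP_UNDERFLOW,
                 HID_PUSH_OVERFLOW, HID_UNBALANCED };

/* Constructed sample: Usage Page, Push, Report Size, Pop. */
static const uint8_t sample_desc[] = { 0x05, 0x01, 0xA4, 0x75, 0x08, 0xB4 };

/* Hypothetical helper: walk a HID report descriptor and validate Push/Pop
 * nesting using only a bounded depth counter, never a state stack. */
enum hid_check hid_check_push_pop(const uint8_t *d, size_t len)
{
    size_t i = 0, dlen;
    unsigned depth = 0;

    while (i < len) {
        uint8_t prefix = d[i++];

        if (prefix == 0xFE) {            /* long item: bDataSize, bLongItemTag */
            if (len - i < 2)
                return HID_TRUNCATED;
            dlen = d[i];
            i += 2;
        } else {
            dlen = prefix & 0x03;        /* short item: bSize code 3 means 4 bytes */
            if (dlen == 3)
                dlen = 4;
            if (((prefix >> 2) & 0x03) == 1) {   /* bType 1 = Global item */
                uint8_t tag = prefix >> 4;
                if (tag == 0xA) {                /* Push */
                    if (depth == HID_MAX_PUSH_DEPTH)
                        return HID_PUSH_OVERFLOW;
                    depth++;
                } else if (tag == 0xB) {         /* Pop */
                    if (depth == 0)
                        return HID_POP_UNDERFLOW;
                    depth--;
                }
            }
        }
        if (len - i < dlen)              /* item data runs past the buffer */
            return HID_TRUNCATED;
        i += dlen;
    }
    return depth == 0 ? HID_OK : HID_UNBALANCED;
}

int main(void) { return hid_check_push_pop(sample_desc, sizeof sample_desc); }
```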

The vulnerability was identified by Andy Nguyen from Google and does not overlap with another problem recently announced by researchers from Purdue University and École Polytechnique Fédérale de Lausanne. Those researchers developed the USBFuzz toolkit, which emulates a misbehaving USB device for fuzz testing of USB drivers. USBFuzz is planned to be published on GitHub soon. Using the new tool, 26 vulnerabilities were identified, of which 18 are in Linux, 4 in Windows, 3 in macOS and one in FreeBSD. Details of these problems have not yet been disclosed; it is only mentioned that CVE identifiers have been obtained for 10 vulnerabilities, and 11 problems affecting Linux have already been fixed. A similar fuzzing technique is used by Andrey Konovalov from Google, who over the past few years has identified 44 vulnerabilities in the Linux USB stack.

Source: opennet.ru
