Fifteen vulnerabilities in USB drivers shipped with the Linux kernel

Andrey Konovalov of Google has published a report on the discovery of another fifteen vulnerabilities (CVE-2019-19523 - CVE-2019-19537) in the USB drivers shipped in the Linux kernel. This is the third batch of problems found while fuzz testing the USB stack with the syzkaller package. The researcher had previously reported the presence of 29 vulnerabilities.

This time the list includes only vulnerabilities caused by access to already freed memory areas (use-after-free) or leading to data leaks from kernel memory. Issues that can be used to cause a denial of service are not included in the report. The vulnerabilities can potentially be exploited when specially prepared USB devices are connected to the computer. Fixes for all of the problems mentioned in the report have already been included in the kernel, but some bugs that were not included in the report remain unfixed.

The most dangerous use-after-free vulnerabilities, which can lead to execution of attacker code, were fixed in the adutux, ff-memless, ieee802154, pn533, hiddev, iowarrior, mcba_usb and yurex drivers. CVE-2019-19532 additionally covers fourteen vulnerabilities in HID drivers caused by errors that allow out-of-bounds writes. Problems found in the ttusb_dec, pcan_usb_fd and pcan_usb_pro drivers lead to data leakage from kernel memory. One more issue (CVE-14-2019), caused by a race condition, was identified in the USB stack code for working with character devices.

Also worth noting is the discovery of four vulnerabilities (CVE-2019-14895, CVE-2019-14896, CVE-2019-14897, CVE-2019-14901) in the driver for Marvell wireless chips, which can lead to a buffer overflow. The attack can be carried out remotely by sending specially crafted frames when the victim connects to an attacker's wireless access point. The primary threat is a remote denial of service (kernel crash), but the possibility of code execution on the system cannot be ruled out.

Source: opennet.ru
