Andrey Konovalov kubva kuGoogle 15 kusagadzikana mumadhiraivha e USB anopihwa muLinux kernel. Iri ndiro rechipiri batch rematambudziko anowanikwa panguva yekuyedzwa kwekufungidzira - muna 2017, muongorori uyu Kune gumi nemana mamwe kusasimba mu USB stack. Matambudziko anogona kushandiswa kana yakanyatsogadzirirwa USB michina yakabatana pakombuta. Kurwiswa kunogoneka kana paine kuwana kwemuviri kumidziyo uye kunogona kutungamira kune kanenge kuparara kwekernel, asi kumwe kuratidzwa hakugone kubviswa (semuenzaniso, kurwiswa kwakafanana kwakawanikwa muna 14. mu USB mutyairi snd-usbmidi akabudirira kuita kodhi pane kernel level).
Panyaya gumi neshanu, gumi neshanu dzakatogadziriswa mune ichangoburwa Linux kernel inogadziridza, asi maviri ekusagadzikana (CVE-15-13, CVE-2019-15290) anoramba asina kugadziriswa mukuburitswa kwazvino 2019. Kusagadzikana kusingaverengeki kunogona kutungamirira kune NULL pointer dereferences muath15291kl uye b5.2.9c6 vatyairi kana vachigamuchira data isiriyo kubva pachigadzirwa. Zvimwe zvinokanganisa zvinosanganisira:
- Kupinda kunzvimbo dzakatosunungurwa dzendangariro (kushandisa-mushure-yemahara) muvatyairi v4l2-dev/radio-raremono, dvb-usb, ruzha/core, cpia2 uye p54usb;
- Kaviri-yemahara ndangariro mune rio500 mutyairi;
- NULL pointer dereferences muyurex, zr364xx, siano/smsusb, sisusbvga, line6/pcm, motu_microbookii uye line6 vatyairi.
Source: opennet.ru