ka Google warbixin ku saabsan aqoonsiga 15-ka dayacan ee soo socda (CVE-2019-19523 - CVE-2019-19537) ee darawalada USB ee lagu bixiyo kernel Linux. Tani waa dufcaddii saddexaad ee dhibaatooyinka la helo inta lagu guda jiro tijaabada fuzz ee xirmada USB-ga ee xirmada - hore loo siiyey cilmi ku saabsan joogitaanka 29 dayacan.
Wakhtigan liisku waxa ku jira baylahda kaliya ee ay keento gelitaanka meelaha xusuusta ee hore loo xoreeyay (isticmaalka-kadib-free) ama keenaya inay xogta ka soo baxdo xusuusta kernel-ka. Arrimaha loo isticmaali karo in lagu diido adeegga kuma jiraan warbixinta. Nuglaanta waxaa suurtagal ah in laga faa'iidaysto marka aaladaha USB-ga ee sida gaarka ah loo diyaariyay lagu xiray kombuyutarka. Hagaajinta dhammaan dhibaatooyinka lagu sheegay warbixinta ayaa horay loogu daray kernel-ka, laakiin qaarkood kuma jiraan warbixinta. wali lama sixin
Nuglaanta isticmaalka-kadib-la'aanta ah ee ugu khatarta badan ee u horseedi kara fulinta koodka weerarka ayaa lagu tirtiray adutux, ff-memless, ieee802154, pn533, hiddev, iowarrior, mcba_usb iyo darawalada yurex. CVE-2019-19532 waxa kale oo uu taxayaa 14 dayacan oo ka mid ah darawalada HID ee ay sababaan khaladaadka u oggolaanaya in meel ka baxsan ay wax qoraan. Dhibaatooyinka ayaa laga helay ttusb_dec, pcan_usb_fd iyo pcan_usb_pro darawaliinta taasoo horseedaysa inay xogta ka baxdo xusuusta kernel-ka. Arrin (CVE-2019-19537) xaalad jinsiyad awgeed ayaa lagu aqoonsaday koodhka kaydka USB ee ku shaqaynta aaladaha dabeecadda.
Waxaad sidoo kale ogaan kartaa
afar dayacan (CVE-2019-14895, CVE-2019-14896, CVE-2019-14897, CVE-2019-14901) ee darawalka loogu talagalay chips-ka wireless-ka ee Marvell, taas oo u horseedi karta qulqulka qulqulka. Weerarka waxaa lagu qaadi karaa meel fog iyadoo loo soo dirayo fiimyada hab gaar ah marka lagu xirayo barta gelitaanka wireless-ka ee weerarka. Khatarta ugu badan ayaa ah diidmada fog ee adeegga (shilka kernel), laakiin suurtagalnimada fulinta code ee nidaamka lama saari karo.
Source: opennet.ru