FreeBSD vulnerability exploitable through a malicious USB device

A vulnerability in the USB stack (CVE-2020-7456) has been fixed in FreeBSD. It allows code execution at the kernel level or in user space when a malicious USB device is connected to the system. USB HID (Human Interface Device) device descriptors can push and pop the current state, which allows item descriptions to be grouped into multi-level groups. FreeBSD supports up to 4 such push levels. If the level is not restored while processing the same HID item, an invalid memory location is accessed. The problem is fixed in FreeBSD 11.3-RELEASE-p10 and 12.1-RELEASE-p6. As a security workaround, it is recommended to set the parameter "sysctl hw.usb.disable_enumeration=1".
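The Push/Pop bookkeeping described above can be checked before a descriptor is handed to a parser. The following is an added example, not FreeBSD's code or its patch: the function name, the error codes and the strict policy of rejecting a descriptor that ends with state still pushed are assumptions, while the depth limit of 4 comes from the text and the item encoding from the USB HID specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HID_MAX_PUSH_DEPTH 4  /* nesting limit quoted in the text above */
enum hid_check { HID_OK, HID_TRUNCATED, HID_TOO_DEEP, HID_POP_EMPTY, HID_UNBALANCED };

/* Walk every item of a HID report descriptor and track Push/Pop depth. */
enum hid_check hid_check_push_pop(const uint8_t *d, size_t len)
{
    static const size_t size_of[4] = { 0, 1, 2, 4 };  /* bSize encoding */
    size_t i = 0;
    int depth = 0;

    while (i < len) {
        uint8_t prefix = d[i++];
        size_t dlen;

        if (prefix == 0xFE) {                  /* long item: size, tag, data */
            if (len - i < 2) return HID_TRUNCATED;
            dlen = d[i];
            i += 2;
        } else {
            dlen = size_of[prefix & 0x03];
            uint8_t type = (prefix >> 2) & 0x03;   /* 1 = Global item */
            uint8_t tag = prefix >> 4;
            if (type == 1 && tag == 0x0A) {        /* Push */
                if (depth == HID_MAX_PUSH_DEPTH) return HID_TOO_DEEP;
                depth++;
            } else if (type == 1 && tag == 0x0B) { /* Pop */
                if (depth == 0) return HID_POP_EMPTY;
                depth--;
            }
        }
        if (len - i < dlen) return HID_TRUNCATED;  /* item data runs past the end */
        i += dlen;
    }
    return depth == 0 ? HID_OK : HID_UNBALANCED;   /* assumed strict policy */
}

/* Constructed sample descriptors, not captured from any device. */
static const uint8_t ok_desc[] = { 0x05, 0x01, 0xA4, 0x75, 0x08, 0xB4 };
static const uint8_t bad_pop[] = { 0x05, 0x01, 0xB4 };

int main(void)
{
    printf("balanced=%d stray_pop=%d\n", (int)hid_check_push_pop(ok_desc, sizeof ok_desc),
           (int)hid_check_push_pop(bad_pop, sizeof bad_pop));
    return 0;
}
```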

The vulnerability was identified by Andy Nguyen of Google and is not related to the other problems recently announced by researchers from Purdue University and Ecole Polytechnique Fédérale de Lausanne. These researchers developed the USBFuzz toolkit, which emulates a malfunctioning USB device in order to fuzz-test USB drivers. USBFuzz is planned to be published on GitHub soon. Using the new tool, 26 vulnerabilities were identified, of which 18 are in Linux, 4 in Windows, 3 in macOS and one in FreeBSD. Details of these problems have not yet been disclosed; it is only stated that CVE identifiers have been obtained for 10 vulnerabilities, and that 11 of the problems in Linux have already been fixed. A similar fuzz-testing technique is used by Andrey Konovalov of Google, who over the past few years has identified 44 vulnerabilities in the Linux USB stack.

Source: opennet.ru
