Andrey Konovalov oo ka socda Google 15 baylahda darawalada USB ee lagu bixiyo kernel Linux. Tani waa dufcaddii labaad ee dhibaatooyinka la helo inta lagu guda jiro baaritaanka jahawareerka - 2017, cilmi-baadhahan Waxa jira 14 kale oo dayacan oo ku jira xidhmada USB-ga. Dhibaatooyinka suurtagalka ah waa laga faa'iidaysan karaa marka qalabka USB-ga ee sida gaarka ah loo diyaariyey lagu xidho kombayutarka. Weerarku waa suurtogal haddii ay jirto helitaanka jireed ee qalabka waxayna keeni kartaa ugu yaraan shil kernel ah, laakiin calaamado kale lama saari karo (tusaale ahaan, weerar la mid ah oo la helay 2016 dareewalka USB snd-usbmidi waa ku guulaystay si loo fuliyo koodka heerka kernel).
15-ka arrimood, 13 ayaa mar hore lagu hagaajiyay cusboonaysiintii ugu dambeysay ee kernel Linux, laakiin laba dayacan (CVE-2019-15290, CVE-2019-15291) ayaa weli aan la hagaajinin siideyntii ugu dambeysay ee 5.2.9. Nuglaanta aan la daboolin waxay u horseedi kartaa leexinta tilmaame NULL ee darawallada ath6kl iyo b2c2 marka xogta khaldan laga helayo qalabka. Nuglaanta kale waxaa ka mid ah:
- Gelitaanka meelaha xusuusta ee hore loo xoreeyay (isticmaalka-ka-dib-free) ee darawalada v4l2-dev/radio-raremono, dvb-usb, sound/core, cpia2 iyo p54usb;
- Xusuusta laba-laba-la'aanta ah ee darawalka rio500;
- Tilmaamaha NULL ee yurex, zr364xx, siano/smsusb, sisusbvga, line6/pcm, motu_microbookii iyo line6 darawalada.
Source: opennet.ru