15 Vulnerabilities in USB Drivers Shipped in the Linux Kernel

Andrey Konovalov of Google has published a report on the identification of a further 15 vulnerabilities (CVE-2019-19523 - CVE-2019-19537) in USB drivers shipped in the Linux kernel. This is the third batch of problems found during fuzz testing of the USB stack with the syzkaller package; the same researcher had previously reported the existence of 29 vulnerabilities.

This time the list includes only vulnerabilities caused by access to memory areas that have already been freed (use-after-free) or that lead to a leak of data from kernel memory. Issues that can be used to cause a denial of service are not included in the report. The vulnerabilities can be exploited when specially prepared USB devices are connected to the computer. Fixes for all of the problems mentioned in the report have already been included in the kernel, but some bugs that were not included in the report still remain unfixed.

The most dangerous use-after-free vulnerabilities, which can lead to execution of the attacker's code, have been fixed in the adutux, ff-memless, ieee802154, pn533, hiddev, iowarrior, mcba_usb and yurex drivers. CVE-2019-19532 additionally covers 14 vulnerabilities in HID drivers caused by errors that allow an out-of-bounds write. Problems leading to a leak of data from kernel memory were found in the ttusb_dec, pcan_usb_fd and pcan_usb_pro drivers. An issue caused by a race condition (CVE-2019-19537) was identified in the USB stack code for working with character devices.

Also worth noting is the identification of four vulnerabilities (CVE-2019-14895, CVE-2019-14896, CVE-2019-14897, CVE-2019-14901) in the driver for Marvell wireless chips, which can lead to a buffer overflow. The attack can be carried out remotely by sending frames formatted in a particular way when the device connects to an attacker's wireless access point. The most likely threat is a remote denial of service (kernel crash), but the possibility of code execution on the system cannot be ruled out.

Source: opennet.ru
