Andrey Konovalov oa Google Bofokoli ba 15 ho bakhanni ba USB bo fanoang ka har'a Linux kernel. Ena ke sehlopha sa bobeli sa mathata a fumanoeng nakong ea tlhahlobo ea fuzzing - ka 2017, mofuputsi enoa ho na le likotsi tse ling tse 14 ka har'a stack ea USB. Mathata a ka sebelisoa hampe ha lisebelisoa tsa USB tse lokiselitsoeng ka ho khetheha li hokahantsoe le komporo. Tlhaselo e ka etsahala haeba ho na le phihlello ea 'mele ea lisebelisoa mme e ka lebisa bonyane ho putlama ha kernel, empa lipontšo tse ling ha li qheleloe ka thoko (mohlala, bakeng sa se tšoanang ho mokhanni oa usb snd-usbmidi o atlehile ho kenya khoutu boemong ba kernel).
Har'a lintlha tse 15, tse 13 li se li hlophisitsoe lintlafatsong tsa morao-rao tsa Linux, empa likotsi tse peli (CVE-2019-15290, CVE-2019-15291) li ntse li sa phatlalatsoe tokollong ea morao-rao ea 5.2.9. Bofokoli bo sa ngolisoang bo ka etsa hore bakhanni ba ath6kl le b2c2 ba furalle pointer ea NULL ha data e fosahetseng e amoheloa ho tsoa sesebelisoa. Bofokoli bo bong bo kenyelletsa:
- Mehala ho libaka tsa memori tse seng li lokolotsoe (sebelisa-kamora-mahala) ho v4l2-dev/radio-raremono, dvb-usb, sound/core, cpia2 le p54usb driver;
- Memori e sa lefelloeng habeli (mahala habeli) ho mokhanni oa rio500;
- NULL pointer dereferences ho yurex, zr364xx, siano/smsusb, sisusbvga, line6/pcm, motu_microbookii le bakhanni ba line6.
Source: opennet.ru