Ngeli xesha uluhlu lubandakanya kuphela ubuthathaka obubangelwa kukufikelela kwiindawo zememori esele zikhululwe (ukusetyenziswa-emva kokukhululeka) okanye ukukhokelela ekuvuzeni kwedatha kwimemori ye-kernel. Imiba enokuthi isetyenziswe ukwenza ukwaliwa kwenkonzo ayiqukwanga kwingxelo. Ubuthathaka bunokuthi busetyenziswe xa izixhobo ze-USB ezilungiselelwe ngokukodwa ziqhagamshelwe kwikhompyuter. Ukulungiswa kwazo zonke iingxaki ezikhankanywe kwingxelo sele zibandakanyiwe kwi-kernel, kodwa ezinye azifakwanga kwingxelo.
Ukusetyenziswa okuyingozi kakhulu emva kobuthathaka obungakhokelela ekuqhutyweni kwekhowudi yomhlaseli kupheliswe kwi-adtux, ff-memless, ieee802154, pn533, hiddev, iowarrior, mcba_usb kunye nabaqhubi beyurex. I-CVE-2019-19532 iphinda idwelise ubuthathaka be-14 kubaqhubi be-HID okubangelwa iimpazamo ezivumela ukubhala ngaphandle kwemida. Iingxaki zifunyenwe kwi-ttusb_dec, pcan_usb_fd kunye ne-pcan_usb_pro abaqhubi abakhokelela ekuvuzeni kwedatha kwimemori ye-kernel. Umba (CVE-2019-19537) ngenxa yemeko yogqatso ichongiwe kwikhowudi ye-USB ye-stack yokusebenza kunye nezixhobo zabalinganiswa.
Unokuqaphela kwakhona
umthombo: opennet.ru