UAndrey Konovalov ovela kuGoogle Iingxaki ezili-15 kubaqhubi be-USB ezivezwe kwi-kernel LinuxEli liqela lesibini leengxaki ezifunyenwe ngexesha lovavanyo olungasebenzi kakuhle - ngo-2017, lo mphandi Kukho ubuthathaka obungakumbi obuli-14 kwisitaki se-USB. Iingxaki zinokuthi zisetyenziswe xa izixhobo ze-USB ezilungiselelwe ngokukodwa ziqhagamshelwe kwikhompyuter. Ukuhlaselwa kunokwenzeka ukuba kukho ukufikelela ngokomzimba kwisixhobo kwaye kunokukhokelela ubuncinane kwi-kernel crash, kodwa ezinye izibonakaliso azikwazi ukukhutshwa (umzekelo, ukuhlaselwa okufanayo okufunyenwe kwi-2016 kumqhubi we-USB snd-usbmidi iphumelele ukwenza ikhowudi kwinqanaba le-kernel).
Kwimiba eli-15, eli-13 sele lilungisiwe kuhlaziyo lwamva nje lwekernel. Linux, kodwa kukho ubuthathaka obubini (CVE-2019-15290, CVE-2019-15291) obungekasuswa kwinguqulelo yamva nje 5.2.9. Ubuthathaka obungasuswanga bunokukhokelela ekungafumaneki kwe-NULL pointer kwi-ath6kl kunye nabaqhubi be-b2c2 xa befumana idatha engavumelekanga kwisixhobo. Ezinye ubuthathaka ziquka:
- Ukufikelela kwiindawo zememori esele zikhululiwe (ukusetyenziswa-emva kokukhululeka) kubaqhubi i-v4l2-dev/radio-raremono, i-dvb-usb, isandi / i-core, i-cpia2 kunye ne-p54usb;
- Imemori yasimahla kabini kumqhubi werio500;
- I-NULL pointer dereferences kwi-yurex, zr364xx, siano/smsusb, sisusbvga, line6/pcm, motu_microbookii kunye nabaqhubi be-line6.
umthombo: opennet.ru
