15 Vulnerabilities in USB Drivers Shipped with the Linux Kernel

Andrey Konovalov from Google has published a report identifying another 15 vulnerabilities (CVE-2019-19523 - CVE-2019-19537) in USB drivers shipped with the Linux kernel. This is the third batch of problems found while fuzz testing the USB stack with the syzkaller package; the researcher had previously reported 29 vulnerabilities.

This time the list only includes vulnerabilities caused by accessing already-freed memory regions (use-after-free) or leading to leaks of kernel memory contents. Problems that can only be used to cause a denial of service are not included in the report. The vulnerabilities could be exploited when specially prepared USB devices are connected to a computer. Fixes for all problems mentioned in the report have already been included in the kernel, but some bugs not covered by the report remain unfixed.

The most dangerous use-after-free vulnerabilities, which could lead to execution of attacker-controlled code, have been eliminated in the adutux, ff-memless, ieee802154, pn533, hiddev, iowarrior, mcba_usb and yurex drivers. CVE-2019-19532 additionally covers 14 vulnerabilities in HID drivers caused by bugs that allow out-of-bounds writes. Problems found in the ttusb_dec, pcan_usb_fd and pcan_usb_pro drivers lead to leaks of kernel memory contents. A race condition (CVE-2019-19537) was identified in the USB stack code that handles character devices.

Also of note is the discovery of four vulnerabilities (CVE-2019-14895, CVE-2019-14896, CVE-2019-14897, CVE-2019-14901) in the driver for Marvell wireless chips, which can lead to a buffer overflow. The attack can be carried out remotely by sending specially crafted frames when the victim connects to an attacker-controlled wireless access point. The most likely impact is a remote denial of service (kernel crash), but the possibility of code execution on the system cannot be ruled out.

Source: opennet.ru