Vulnerability in the Linux kernel's USB Gadget subsystem that may allow code execution

A vulnerability (CVE-2021-39685) has been found in USB Gadget, a Linux kernel subsystem that provides a programming interface for creating USB client devices and for emulating USB devices in software. The vulnerability can lead to a kernel information leak, a crash, or arbitrary code execution at the kernel level. The attack is carried out by an unprivileged local user through manipulation of various device classes implemented on top of the USB Gadget API, such as rndis, hid, uac1, uac1_legacy, and uac2.

The problem has been fixed in the recently published kernel updates Linux 5.15.8, 5.10.85, 5.4.165, 4.19.221, 4.14.258, 4.9.293 and 4.4.295. The problem has not yet been fixed in distributions (Debian, Ubuntu, RHEL, SUSE, Fedora, Arch). A prototype exploit has been prepared to demonstrate the vulnerability.

The problem is caused by a buffer overflow in the transfer request handlers of the rndis, hid, uac1, uac1_legacy, and uac2 gadget drivers. By exploiting the vulnerability, an unprivileged attacker can gain access to kernel memory by sending a special control request whose wLength field value exceeds the size of the static buffer, for which 4096 bytes are always allocated (USB_COMP_EP0_BUFSIZ). During the attack, an unprivileged user-space process can read or write up to 65 KB of data in kernel memory.
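The missing length check described above, shown as an added user-space model in C (this is not the kernel's code or the upstream patch). The helper names `ep0_len_unchecked`, `ep0_len_checked` and `ep0_overrun` are hypothetical, and the policy of clamping device-to-host reads while rejecting oversized host-to-device writes is an assumption made for this example.

```c
#include <stdint.h>
#include <stddef.h>

#define USB_COMP_EP0_BUFSIZ 4096   /* static ep0 buffer size named in the article */
#define USB_DIR_IN          0x80   /* bmRequestType bit 7: device-to-host */

/* USB control SETUP packet (8 bytes on the wire; fields shown in host order). */
struct setup_pkt {
    uint8_t  bRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;              /* chosen by the requester: 0..65535 */
};

/* Unchecked pattern: the data-stage length is taken straight from wLength,
 * so any value above 4096 runs past the end of the ep0 buffer. */
static size_t ep0_len_unchecked(const struct setup_pkt *s)
{
    return s->wLength;
}

/* Checked pattern (hypothetical helper): returns the number of bytes that may
 * safely move through the ep0 buffer, or -1 if the request must be rejected.
 *  - IN  (device -> host): clamp, so no more than the buffer is ever read out.
 *  - OUT (host -> device): refuse, since a truncated write has no valid meaning. */
static long ep0_len_checked(const struct setup_pkt *s)
{
    if (s->wLength <= USB_COMP_EP0_BUFSIZ)
        return s->wLength;
    if (s->bRequestType & USB_DIR_IN)
        return USB_COMP_EP0_BUFSIZ;
    return -1;
}

/* Number of bytes that would land outside the buffer for a given length. */
static size_t ep0_overrun(size_t len)
{
    return len > USB_COMP_EP0_BUFSIZ ? len - USB_COMP_EP0_BUFSIZ : 0;
}
```

With the maximum 16-bit wLength, the unchecked path overruns the 4096-byte buffer by 61439 bytes, which matches the roughly 65 KB reach quoted in the article.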

Source: opennet.ru
