15 vulnerabilities identified in USB drivers from the Linux kernel

Andrey Konovalov of Google has discovered 15 vulnerabilities in the USB drivers shipped in the Linux kernel. This is the second batch of problems found through fuzzing; in 2017 the same researcher found another 14 vulnerabilities in the USB stack. The problems can potentially be exploited when specially prepared USB devices are connected to a computer. An attack is possible given physical access to the hardware and can lead at minimum to a kernel crash, but other effects cannot be ruled out (for example, for a similar vulnerability identified in 2016 in the snd-usbmidi USB driver, it proved possible to prepare an exploit that executes code at the kernel level).

Of the 15 problems, 13 have already been fixed in recent Linux kernel updates, but two vulnerabilities (CVE-2019-15290, CVE-2019-15291) remain unfixed in the latest release, 5.2.9. The unpatched vulnerabilities can lead to a NULL pointer dereference in the ath6kl and b2c2 drivers when they receive incorrect data from a device. The other vulnerabilities include:

  • Accesses to already freed memory areas (use-after-free) in the v4l2-dev/radio-raremono, dvb-usb, sound/core, cpia2 and p54usb drivers;
  • A double free of memory in the rio500 driver;
  • NULL pointer dereferences in the yurex, zr364xx, siano/smsusb, sisusbvga, line6/pcm, motu_microbookii and line6 drivers.

Source: opennet.ru
