Several vulnerabilities detected in the Linux kernel in the Marvell Wi-Fi and USB drivers

One of the most widespread myths on the net about Linux is the classic "Linux is secure and has no vulnerabilities", but this is entirely false: both critical and minor Linux bugs are disclosed (not at the moment they are found, but after they are fixed).

Such is the case with the recent news that three vulnerabilities were found in the driver for wireless devices based on Marvell chips (CVE-2019-14814, CVE-2019-14815, CVE-2019-14816), which can lead to data being written outside the allocated buffer when processing specially crafted packets sent through the netlink interface.

About the Marvell vulnerabilities

CVE-2019-14814 is an overflow in the mwifiex_set_uap_rates() function of the Marvell Wi-Fi driver in the Linux kernel.

The problem is in mwifiex_set_uap_rates() in drivers/net/wireless/marvell/mwifiex/uap_cmd.c.

This function contains two memcpy calls that copy the WLAN_EID_SUPP_RATES and WLAN_EID_EXT_SUPP_RATES elements without checking their length. The destination buffer, bss_cfg->rates, is an array of length MWIFIEX_SUPPORTED_RATES.

Both elements, in cfg80211_ap_settings, come from user space.

CVE-2019-14815 is an overflow in the mwifiex_set_wmm_params() function in the Linux kernel.

The problem is in mwifiex_set_wmm_params() in drivers/net/wireless/marvell/mwifiex/uap_cmd.c.

mwifiex_set_wmm_params() calls memcpy to copy the WLAN_OUI_MICROSOFT element to bss_cfg->wmm_info without checking the length.

bss_cfg->wmm_info is a structure of type mwifiex_types_wmm_info.

CVE-2019-14816, like the previous ones, is an overflow, this time in mwifiex_update_vs_ie() in the Linux kernel.

The problem is in mwifiex_update_vs_ie() in drivers/net/wireless/marvell/mwifiex/ie.c.

mwifiex_set_mgmt_beacon_data_ies() parses the beacon IEs, probe response IEs and association response IEs of cfg80211_ap_settings->beacon, and calls mwifiex_update_vs_ie() twice for each of them if the IEs are present.

For beacon_ies, for example, in the first call mwifiex_update_vs_ie() allocates and then copies the WLAN_OUI_MICROSOFT element to ie->ie_buffer; ie->ie_buffer is an array of length IEEE_MAX_IE_SIZE (256). In the second call, mwifiex_update_vs_ie() copies the WLAN_OUI_WFA element into the previously allocated buffer. If the total length of the two elements is greater than IEEE_MAX_IE_SIZE, a buffer overflow results.
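The two overflow shapes described above (two copies into the fixed-size bss_cfg->rates in CVE-2019-14814, and two elements accumulated in ie->ie_buffer in CVE-2019-14816) share one missing check: the copy length is never compared with the space left in the destination. The following user-space C model is an added example, not the kernel's code or its patch; the struct and function names are hypothetical, the [id][len][payload] element layout is a constructed simplification, and RATES_LEN = 14 is an assumed stand-in for MWIFIEX_SUPPORTED_RATES.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IEEE_MAX_IE_SIZE 256 /* buffer size stated in the article */
#define RATES_LEN 14         /* assumed stand-in for MWIFIEX_SUPPORTED_RATES */

/* Constructed model: an element is [id][len][len payload bytes]. */
struct rates_cfg { uint8_t rates[RATES_LEN]; size_t used; };
struct ie_store  { uint8_t buf[IEEE_MAX_IE_SIZE]; size_t used; };

/* The length byte must not claim more data than the caller supplied. */
static int elem_ok(const uint8_t *elem, size_t avail)
{
    return elem && avail >= 2 && (size_t)elem[1] + 2 <= avail;
}

/* Fixed-size destination filled by two copies (the CVE-2019-14814 shape):
 * the second copy is checked against the space the first one left. */
int rates_append(struct rates_cfg *c, const uint8_t *elem, size_t avail)
{
    if (!elem_ok(elem, avail))
        return -1;
    if ((size_t)elem[1] > RATES_LEN - c->used) /* length is untrusted */
        return -1;
    memcpy(c->rates + c->used, elem + 2, elem[1]);
    c->used += elem[1];
    return 0;
}

/* Accumulating buffer (the CVE-2019-14816 shape): each element may fit
 * on its own, so the check is on the running total. */
int ie_append(struct ie_store *s, const uint8_t *elem, size_t avail)
{
    size_t total;

    if (!elem_ok(elem, avail))
        return -1;
    total = (size_t)elem[1] + 2;
    if (total > IEEE_MAX_IE_SIZE - s->used)
        return -1;
    memcpy(s->buf + s->used, elem, total);
    s->used += total;
    return 0;
}
```

Both functions reject the input and leave the destination untouched instead of truncating, so a caller can fail the whole configuration request.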

The problems can be exploited by a local user to crash the kernel on systems that use Marvell wireless cards.

It is also possible that someone with malicious intent could use these vulnerabilities to escalate their privileges on the system.

At the moment these problems remain unfixed in the distributions (Debian, Ubuntu, Fedora, RHEL, SUSE), even though they were disclosed several days ago.

However, a patch has already been proposed for inclusion in upcoming versions of the Linux kernel.

Vulnerabilities in USB drivers

Andrey Konovalov of Google found 15 vulnerabilities in the USB drivers shipped in the Linux kernel.

This is the second batch of problems found during fuzz testing: in 2017, this researcher found 16 more vulnerabilities in the USB stack.

The problems can potentially be exploited when specially prepared USB devices are connected to the computer.

An attack is possible if there is physical access to the computer. It can cause at least a kernel crash, but other effects are not ruled out (for example, for a similar vulnerability identified in 2016 in the snd-usbmidi USB driver, an exploit was prepared that executed code at kernel level).

Of the 15 problems, 13 have already been fixed in the current Linux kernel updates, but two vulnerabilities (CVE-2019-15290, CVE-2019-15291) remain unfixed in the latest version, 5.2.9.

The unpatched vulnerabilities can lead to a NULL pointer dereference in the ath6kl and b2c2 drivers when they receive incorrect data from the device.

Other vulnerabilities include:

  • Access to memory areas that have already been freed (use-after-free) in the v4l2-dev/radio-raremono, dvb-usb, sound/core, cpia2 and p54usb drivers;
  • Double freeing of memory (double free) in the rio500 driver;
  • NULL pointer dereference in the yurex, zr364xx, siano/smsusb, sisusbvga, line6/pcm, motu_microbookii and line6 drivers.
