Uncategorized

Many vulnerabilities found in Linux kernel USB subsystem by syzkaller

Andrey Konovalov posted a bunch of Linux USB vulnerabilities to the OSS-Security list, found using the syzkaller Linux system call fuzzer.

Hi! Below are the details for 14 vulnerabilities found with syzkaller in the Linux kernel USB subsystem. All of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine. There’s quite a lot more similar bugs reported [1] but not yet fixed.[…]

The first message had 14 vulns:
http://www.openwall.com/lists/oss-security/2017/11/06/8
This second message has 8 more:
http://www.openwall.com/lists/oss-security/2017/11/08/2

https://github.com/google/syzkaller/blob/master/docs/linux/found_bugs_usb.md
https://github.com/google/syzkaller
https://firmwaresecurity.com/2017/02/24/google-syzkaller-linux-syscall-fuzzer/

 

 

 

Standard

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s