https://twitter.com/kayseesee/status/927923337543655424
Andrey Konovalov posted a bunch of Linux USB vulnerabilities to the OSS-Security list, found using the syzkaller Linux system call fuzzer.
Hi! Below are the details for 14 vulnerabilities found with syzkaller in the Linux kernel USB subsystem. All of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine. There’s quite a lot more similar bugs reported [1] but not yet fixed.[…]
The first message had 14 vulns:
http://www.openwall.com/lists/oss-security/2017/11/06/8
This second message has 8 more:
http://www.openwall.com/lists/oss-security/2017/11/08/2
https://github.com/google/syzkaller/blob/master/docs/linux/found_bugs_usb.md
https://github.com/google/syzkaller
Firmware Security 