40 Linux security holes found in USB subsystem - Maritime Cyber Alliance

40 Linux security holes found in USB subsystem

 
November 8th 2017
The Linux kernel USB subsystem has more holes than a donut shop. On Monday, Google security researcher Andrey Konovalov disclosed 14 Linux USB flaws found using syzkaller, a kernel fuzzing tool developed by another Google software engineer, Dmitry Vyukov.

That's just the tip of the iceberg. In an email to The Register, Konovalov said he asked for CVEs for another seven vulnerabilities on Tuesday, and noted there are something like 40 that have not been fixed or triaged.

Konovalov downplayed the risk posed by the flaws, based on the fact that physical access is a prerequisite to an attack. In other words, to exploit these vulnerabilities and potentially hijack a machine or infect it with spyware, you have to be able to actually insert a malicious USB gadget into a Linux-powered system.

Still, there are plenty of these ports around – like on your Linux-powered in-flight entertainment unit on an airplane, and on your Linux-powered Android handheld and ChromeOS laptop.

"The impact is quite limited, all the bugs require physical access to trigger," said Konovalov. "Most of them are denial-of-service, except for a few that might be potentially exploitable to execute code in the kernel."

In an online discussion of the flaws, it was suggested that the WebUSB API might provide a way to take advantage of the bugs remotely, but Konovalov expressed skepticism.

"I might be wrong here, but as far as I understand, WebUSB API can be used by a web page to interact with a USB device (or USB device driver) from user space (which can potentially be used to exploit bugs in the kernel)," he said. "Those 14 bugs that I found are triggerable externally by connecting malicious USB devices, so in this case we attack the kernel kind of 'from the other side.' In theory it might be possible to exploit a vulnerability in a USB device itself, and then use the compromised device to externally trigger a kernel bug."

Nonetheless, such flaws are just the sort of thing hackers and other miscreants may appreciate were they looking to conduct dropped-drive attacks – leaving booby-trapped gizmos in a parking lot, say – which happen to be rather more effective than they should be.
