14 vulnerabilities in the Linux kernel’s USB stack

Nov 07, 2017 | 4:35 pm

Chandan Singh

During testing, the syzkaller fuzzing system revealed 14 vulnerabilities in the USB stack of the Linux kernel that allow a system to be attacked when specially prepared USB devices are connected to the computer.

The vulnerabilities can be exploited with physical access to the equipment and can cause a kernel crash, but other manifestations are not excluded.

Three problems are caused by accessing already-freed memory blocks (use-after-free), nine by reading from areas outside the buffer boundaries, and two by incorrect addressing that results in a general protection fault (GPF). The problems are fixed in release 4.13.11.