
Google Syzkaller fuzzer used to discover several flaws in the Linux USB subsystem


The Google researcher Andrey Konovalov discovered several vulnerabilities in the Linux kernel USB subsystem using the Google Syzkaller fuzzer.

Google researcher Andrey Konovalov has discovered many security vulnerabilities in the Linux USB subsystem.

The expert used Syzkaller, a fuzzing tool developed by Google, and discovered tens of vulnerabilities, including 22 security flaws.

Konovalov published a detailed analysis of 14 vulnerabilities that have been classified as use-after-free, general protection fault, out-of-bounds read, and NULL pointer dereference issues. An attacker can trigger the vulnerabilities to cause a denial-of-service (DoS) condition, and one of the issues might be exploited to execute arbitrary code.

The expert pointed out that an attacker needs to have physical access to the targeted system and connect a malicious USB device to trigger the vulnerabilities.

“Below are the details for 14 vulnerabilities found with syzkaller in the Linux kernel USB subsystem. All of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine,” reads the security advisory.


Other experts who replied to the advisory pointed out that an attacker who has remote access to a machine may be able to update the firmware on connected USB drives to plant exploits for these flaws and create malicious devices.

“Perhaps not only in that case, but also in case an attacker has remote access to a USB device (perhaps most commonly via remote access to the machine, with privileges to access the USB device) sufficient to replace that device’s firmware (thereby crafting a malicious device),” suggested one of the users.

“For example, many USB-connected FPGA boards, Bitcoin miners (“ASICs”), etc. may reasonably be made available to a non-root user (such as via udev rules), and they commonly permit microcontroller firmware update to be performed via USB as well. John the Ripper bleeding-jumbo currently loads firmware into MCUs on ZTEX 1.15y boards at startup (if the firmware in EEPROM is different), and we recommend running it as non-root with udev rules setup to grant access to non-root users in group “ztex” (this setup is described in doc/README-ZTEX).”
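A defender can inventory the exposure described in the reply above by listing which udev rules open USB devices to non-root users. The following is an added example, not code from the article, the advisory or John the Ripper's documentation; the sample rules, the placeholder vendor IDs and the function names are constructed for illustration, and the checks cover GROUP/OWNER assignments, world-writable MODE values and the `uaccess` tag.

```python
import re

RULE_TOKEN = re.compile(r'([A-Z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|-=|:=|=)\s*"((?:[^"\\]|\\.)*)"')

# Constructed sample rules (placeholder vendor IDs; not copied from any project's docs).
SAMPLE_RULES = r'''# constructed sample
SUBSYSTEM=="usb", ATTRS{idVendor}=="ffff", \
    GROUP="ztex", MODE="0660"
SUBSYSTEM=="usb", ATTR{idVendor}=="fffe", MODE="0666"
KERNEL=="ttyS[0-9]*", GROUP="dialout", MODE="0660"
SUBSYSTEM=="usb", ATTR{idVendor}=="fffd", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="fffc", SYMLINK+="board0"
'''

def logical_lines(text):
    """Yield (first_line_number, rule) with backslash continuations joined."""
    buf, start = "", None
    for n, line in enumerate(text.splitlines(), 1):
        start = start or n
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def audit_udev_rules(text):
    """Return [(line_number, [reasons])] for USB rules that grant non-root access."""
    findings = []
    for n, rule in logical_lines(text):
        pairs = RULE_TOKEN.findall(rule)
        usb = any(k in ("SUBSYSTEM", "SUBSYSTEMS") and op == "==" and v.startswith("usb") for k, op, v in pairs)
        if rule.lstrip().startswith("#") or not usb:
            continue
        reasons = []
        for k, op, v in pairs:
            if op in ("==", "!="):
                continue  # match key, not an assignment
            if k in ("GROUP", "OWNER") and v not in ("root", "0"):
                reasons.append(f"{k.lower()}={v}")
            elif k == "MODE" and re.fullmatch(r"[0-7]{3,4}", v) and int(v, 8) & 0o002:
                reasons.append(f"world-writable mode {v}")
            elif k == "TAG" and v == "uaccess":
                reasons.append("uaccess (ACL for the active login session)")
        if reasons:
            findings.append((n, reasons))
    return findings

if __name__ == "__main__":
    for line_no, why in audit_udev_rules(SAMPLE_RULES):
        print(f"line {line_no}: {', '.join(why)}")
```

Each finding is a device whose firmware-update path, if it has one, is reachable without root, so it is worth checking whether that access is still needed.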

Linux kernel versions 4.13.4 and later address many of the vulnerabilities found by Konovalov; unfortunately, many of the bugs remain unpatched.

Back in February, the Google researcher discovered a local privilege escalation vulnerability, tracked as CVE-2017-6074, that is an 11-year-old flaw.

Konovalov discovered the flaw in the DCCP (Datagram Congestion Control Protocol) implementation using the same kernel fuzzing tool, Syzkaller.

The privilege-escalation issue affected all the major Linux distributions, including Debian, OpenSUSE, Red Hat, and Ubuntu.

In May, Konovalov reported a privilege escalation bug tracked as CVE-2017-7308 that could be exploited via packet sockets.


Pierluigi Paganini

(Security Affairs – Linux USB Subsystem, hacking)
