14 flaws in Linux kernel USB drivers were just disclosed by Google researcher Andrey Konovalov. The researcher found the vulnerabilities by deploying a kernel fuzzer known as syzkaller.
The “14 vulnerabilities found with syzkaller in the Linux kernel USB subsystem… can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine,” the researcher wrote. Fortunately, all the issues have already been addressed and fixed.
A Total of 79 Flaws Affect Linux Kernel USB Drivers
However, it turns out that they are part of a larger group of 79 flaws that affect the Linux kernel’s USB drivers. Of these 79 vulnerabilities, 22 have been assigned CVE identifiers and have fixes available, but the remaining ones have not all been fixed.
One of the flaws disclosed by Konovalov is CVE-2017-16525, where:
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.
The 14 flaws mentioned initially affect Linux kernel versions before 4.13.8. Researchers say that they can be leveraged in denial of service attacks; a specially crafted USB device may also be used to crash the system or cause unspecified other impact.
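A defender's first question is whether a given kernel predates the 4.13.8 fix for CVE-2017-16525. The following shell script is an added example, not code from the article or the kernel project; it assumes an upstream-style "major.minor.patch" version string, and a distribution that backports the fix without changing the version number will still be reported as predating the fix.

```shell
#!/bin/sh
# Added example (not from the article or the kernel tree): decide whether a
# kernel version string predates 4.13.8, the release that carries the fix for
# CVE-2017-16525 (use-after-free in usb_serial_console_disconnect).
# Assumption: upstream-style "major.minor.patch" strings; a distribution that
# backports the fix without changing the version is still reported as affected.

# kernel_predates_fix VERSION  -> exit status 0 if VERSION < 4.13.8, else 1
kernel_predates_fix() {
    # Drop everything from the first non-numeric character on ("-rc8", "-generic")
    ver=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    # Split "4.13.7" into positional parameters; missing fields default to 0
    set -- $(printf '%s' "$ver" | tr '.' ' ')
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    if [ "$maj" -ne 4 ]; then [ "$maj" -lt 4 ]; return $?; fi
    if [ "$min" -ne 13 ]; then [ "$min" -lt 13 ]; return $?; fi
    [ "$pat" -lt 8 ]
}

# Report on the running kernel; returns 2 when it predates the fix so the
# function can feed a compliance check.
check_running_kernel() {
    running=$(uname -r)
    if kernel_predates_fix "$running"; then
        echo "kernel $running predates 4.13.8: confirm the CVE-2017-16525 backport with your vendor"
        return 2
    fi
    echo "kernel $running is 4.13.8 or later"
    return 0
}

check_running_kernel || echo "action required" >&2
```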
Even though physical access is required for these attacks to take place, Stuxnet shouldn’t be forgotten, as it was triggered in exactly this manner: through infected USB drives that had previously been plugged into a compromised computer. There have been other cases of attackers dropping infected USB devices in company parking lots, waiting for employees to pick them up and plug them into their computers.
The researcher’s syzkaller reports are definitely keeping kernel developers occupied. In the meantime, Linus Torvalds announced the 4.14-rc8 release on Sunday. By the next day, however, Konovalov had already come across several other USB bugs. Some of them have been addressed, but others haven’t.