oss-sec mailing list archives
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2
From: "Stuart D. Gathman" <stuart () gathman org>
Date: Thu, 22 Aug 2019 16:28:38 -0400 (EDT)
Since we're arguing... What would worry me is an exploit where I allowa friend to connect their USB flash drive, it operates normally to all appearances. Nothing is auto-executed by a stupid OS (like the Iran centrifuge worm). But, the device is able to insert some privileged code through low level protocol bugs - all while operating normally as
a USB storage device. It is not obvious how any of the USB bugs just reported could be exploited that way - but anytime you have buffer overflows and stuff, some evil genius might find a way. I also worry about file system bugs doing something similar on any removeable media, or downloaded image. On Thu, 22 Aug 2019, Eddie Chapman wrote:
On 22/08/2019 20:00, Perry E. Metzger wrote:You can argue anything you like. Power charging points have popped up around the world, and you're not in a position to stop them. Furthermore, I'll note that over the air exploitable bugs in things like WiFi stacks and Bluetooth stacks have also appeared over time; perhaps it's foolish to have your phone on at all, and yet people will continue to turn their phones on, and even to use them.
-- Stuart D. Gathman <stuart () gathman org> "Confutatis maledictis, flamis acribus addictis" - background song for a Microsoft sponsored "Where do you want to go from here?" commercial.
Current thread:
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2, (continued)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Brad Spengler (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Greg KH (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Jeremy Stanley (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 John Haxby (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Kurt H Maier (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Mathias Payer (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Stuart D. Gathman (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Greg KH (Aug 23)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Andrey Konovalov (Sep 27)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Tyler Hicks (Sep 27)