On Tue, Aug 16, 2016 at 03:20:41PM +0300, Binyamin Sharet wrote: > Many USB host implementations, including at least older versions of Linux, We can't go back in time and fix code, sorry :) > have bugs in the enumeration phase. While I cannot pinpoint a ToC/ToU > vulnerability in the configuration descriptor at the moment, I found more than > a couple of issues with configuration descriptor parsing. I will post them here > soon, hopefully today. Great! > However, just over the last year multiple USB related CVEs in the Linux kernel > were published (not by me). Yes, we know this well :) Most of these were found using some small embedded systems (like a teensy), which is pretty simple to use, but if we could get this into the gadget interface, and use the virtual gadget controller, we can automate tests to ensure that we have fixed problems, and that when we do, they don't come back by adding them to our regression tests.) > Also, while there might not be a specific ToC/ToU bug in configuration > descriptor parsing in Linux at the moment, there might still be in the > future, or in a different operating system, or in a user application > that queries those descriptor. My goal is to test all those cases, > not just the current Linux kernel. A good goal, I like it :) thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
