Potential vulnerabilities in USB host stack/drivers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

We are using Umap2 to scan USB hosts for vendor-specific device support.
e.g. whether appropriate drivers are loaded when a device with a specific
VID/PID is inserted.

In our configuration, we connect multiple times to the host, each time
providing different VID/PID in the device descriptor, and then we provide
a single configuration with a single interface that has multiple (10)
endpoints of different types.

Umap2 can be downloaded from https://github.com/nccgroup/umap2,
and requires either a Facedancer board or a beaglebone black with a
modified gadgetfs module (source and instructions in umap2 repository) to
be used.

During this scan we have found multiple issues in the kernel.
Some issues cause the the USB stack to hang, while others cause an oops.
Some of the issues seem similar and might originate from the same source,
however, due to my lack of knowledge in the Linux USB subsystem, I did not
perform an in-depth analysis of the root causes.

In total, there are 11 issues: 2 hangs, 8 NULL pointer dereference and
1 oops caused by kernel unable to handle paging address.

To keep some order, I will send a separate mail for each issue, titled
'[Umap2][x/11][$VID:$PID] $result'.

-- Binyamin

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux