Re: Potential vulnerabilities in USB host stack/drivers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 16, 2016 at 04:40:43PM +0300, Binyamin Sharet wrote:
> Hi,
> 
> We are using Umap2 to scan USB hosts for vendor-specific device support.
> e.g. whether appropriate drivers are loaded when a device with a specific
> VID/PID is inserted.
> 
> In our configuration, we connect multiple times to the host, each time
> providing different VID/PID in the device descriptor, and then we provide
> a single configuration with a single interface that has multiple (10)
> endpoints of different types.
> 
> Umap2 can be downloaded from https://github.com/nccgroup/umap2,
> and requires either a Facedancer board or a beaglebone black with a
> modified gadgetfs module (source and instructions in umap2 repository) to
> be used.
> 
> During this scan we have found multiple issues in the kernel.
> Some issues cause the the USB stack to hang, while others cause an oops.
> Some of the issues seem similar and might originate from the same source,
> however, due to my lack of knowledge in the Linux USB subsystem, I did not
> perform an in-depth analysis of the root causes.
> 
> In total, there are 11 issues: 2 hangs, 8 NULL pointer dereference and
> 1 oops caused by kernel unable to handle paging address.
> 
> To keep some order, I will send a separate mail for each issue, titled
> '[Umap2][x/11][$VID:$PID] $result'.

Another minor nit, try a leading 0 on your 1-9 emails so they sort
properly :)

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux