On Wed, 2016-03-16 at 10:08 -0400, Alan Stern wrote:
> On Wed, 16 Mar 2016, Oliver Neukum wrote:
>
> > Attacks that trick drivers into passing a NULL pointer
> > to usb_driver_claim_interface() using forged descriptors are
> > known. This thwarts them by sanity checking.
>
> I'm curious -- how do these attacks carry out their trickery?

They are using a programmable gadget.

http://seclists.org/bugtraq/2016/Mar/90

HTH
Oliver
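The sanity check discussed in this thread, as an added user-space illustration that is not code from the thread, the patch or the kernel. It assumes the NULL comes from looking up an interface number that a device-supplied descriptor names but the device does not have; every `model_*` name and the choice of `-ENODEV` are hypothetical.

```c
#include <errno.h>
#include <stddef.h>

/* User-space model; all names are hypothetical, not kernel code. */
struct model_iface { int number; const void *owner; };
struct model_dev { struct model_iface ifaces[2]; size_t n; };

/* Look up an interface by the number a descriptor names; NULL if absent. */
static struct model_iface *model_ifnum_to_if(struct model_dev *d, int num)
{
    for (size_t i = 0; i < d->n; i++)
        if (d->ifaces[i].number == num)
            return &d->ifaces[i];
    return NULL;
}

/* Claim with the sanity check: reject NULL before touching the interface. */
static int model_claim_interface(const void *drv, struct model_iface *iface)
{
    if (!iface)
        return -ENODEV;   /* descriptor named an interface that is missing */
    if (iface->owner)
        return -EBUSY;    /* already bound to another driver */
    iface->owner = drv;
    return 0;
}

/* Driver probe that trusts a device-supplied companion interface number. */
static int model_probe(struct model_dev *d, const void *drv, int companion_num)
{
    struct model_iface *companion = model_ifnum_to_if(d, companion_num);
    return model_claim_interface(drv, companion);
}

/* Build a constructed two-interface device (numbers 0 and 1) and probe it. */
static int run_model(int companion_num)
{
    static const char drv[] = "model-driver";
    struct model_dev d = { { {0, NULL}, {1, NULL} }, 2 };
    return model_probe(&d, drv, companion_num);
}

int main(void)
{
    /* Constructed inputs: interface 1 exists on the device, 7 does not. */
    return (run_model(1) == 0 && run_model(7) == -ENODEV) ? 0 : 1;
}
```

Without the `!iface` test, the `iface->owner` read in the model's claim function is the point where a forged interface number would turn into a NULL dereference.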