Using a special fuzzer for kernel system calls from Google, a very large number of bugs have been found in the USB stack of the Linux kernel. Many of them are classified as critical vulnerabilities, which is true for all kernel bugs.

The Syzkaller tool, created and developed with Google support, is intended to fuzz operating system kernels. For this purpose, different system calls are systematically tested with incorrect inputs. Using Syzkaller, the developer Andrey Konovalov has now discovered a number of errors, some of them critical, in the USB stack of the Linux kernel.

Konovalov summarized the entire list of errors in the Syzkaller GitHub project. There are also around 20 bugs for which a CVE number has been assigned and which can easily be classified as vulnerabilities. These errors can be exploited for local denial-of-service attacks by specially crafted USB devices, resulting in system crashes.

The errors found by Konovalov fall into different categories. These include, for example, null-pointer dereferences, use-after-free bugs and even out-of-bounds reads. This applies in particular to those errors in the collection for which no CVE numbers have been assigned. In addition, for a large number of the detected bugs there is no patch available that fixes the possible holes.

All kernel errors could be security holes

The distinction in principle between security holes, possibly even with CVE numbers, and other “normal” errors is viewed very critically by many Linux kernel developers. For example, Linux inventor and chief developer Linus Torvalds rejects it on principle. The long-term kernel maintainer Willy Tarreau also pointed out a few days ago, in a review of the maintenance of version 3.10, that this distinction was not helpful.

This is because the distinction apparently lulls many manufacturers into a false sense of security, and simple mistakes can possibly prove, even years later, to be dangerous security vulnerabilities. Manufacturers who have not applied the patches in such a case are then unnecessarily vulnerable. A large part of the kernel community therefore describes all bugs as potentially security-relevant and recommends the use of currently maintained kernel versions and corresponding updates.
