{"id":1256,"date":"2017-11-09T05:15:50","date_gmt":"2017-11-09T03:15:50","guid":{"rendered":"https:\/\/community.virtono.com\/?p=1256"},"modified":"2017-11-09T05:15:50","modified_gmt":"2017-11-09T03:15:50","slug":"google-disassembles-usb-stack-of-the-linux-kernel","status":"publish","type":"post","link":"https:\/\/www.virtono.com\/community\/internet-and-technology-news\/google-disassembles-usb-stack-of-the-linux-kernel\/","title":{"rendered":"Google disassembles USB stack of the Linux kernel"},"content":{"rendered":"<header class=\"cluster-header\">With a special fuzzer for kernel system calls from\u00a0Google\u00a0, extremely many bugs have been found in the USB stack of the\u00a0Linux kernel\u00a0.\u00a0Many of them are classified as critical vulnerabilities, which is true for all kernel bugs.<\/p>\n<\/header>\n<div class=\"formatted\">\n<p id=\"gpar1\">The Syzkaller tool, created and developed with Google support, is intended to fuzzy operating system kernels.\u00a0For this purpose, different system calls with incorrect entries are systematically tested.\u00a0The developer Andrey Konovalov has now discovered with Syzkaller a number of\u00a0partially critical errors\u00a0in the USB stack of the Linux kernel.<\/p>\n<\/div>\n<p id=\"gpar2\">The\u00a0entire list of errors\u00a0Konovalov summarized in Github project of Syzkaller.\u00a0There are also around 20 bugs for which a CVE number has been assigned, which can easily be classified as a vulnerability.\u00a0These errors can be exploited for local denial-of-service attacks by specially crafted USB devices, resulting in system crashes.<\/p>\n<p id=\"gpar3\">The errors found by Konovalov can be assigned to different categories.\u00a0These include, for example, zero-pointer dereferencings, use-after-free gaps or even out-of-bounds reads.\u00a0This applies in particular to those errors of the collection for which no or no CVE numbers have been assigned.\u00a0In addition, there is no patch available for a large number of the detected bugs, which fixes the possible gaps.<\/p>\n<h3>All kernel errors could be security holes<\/h3>\n<p id=\"gpar4\">The distinction in principle between security holes possibly even with CVE numbers and other &#8220;normal&#8221; errors is considered very critical by many Linux kernel developers.\u00a0For example, this is rejected by Linux inventor and chief developer\u00a0Linus Torvalds for reasons of principle\u00a0.\u00a0The long-term kernel maintainer, Willy Tarreau, also pointed out a few days ago,\u00a0in a review of the maintenance of version 3.10\u00a0, that this distinction was not helpful.<\/p>\n<p id=\"gpar5\">Because that weighs many manufacturers apparently in false security and possibly lead to even years later simple mistakes can prove to be dangerous security vulnerabilities.\u00a0Manufacturers who have not applied the patches in such a case are then unnecessarily vulnerable.\u00a0A large part of the kernel community therefore describes all bugs as potentially security-relevant and recommends the use of currently maintained kernel versions and corresponding updates.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With a special fuzzer for kernel system calls from\u00a0Google\u00a0, extremely many bugs have been found in the USB stack of the\u00a0Linux kernel\u00a0.\u00a0Many of them are classified as critical vulnerabilities, which is true for all kernel bugs. The Syzkaller tool, created and developed with Google support, is intended to fuzzy operating<\/p>\n","protected":false},"author":3,"featured_media":1258,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[25],"tags":[],"class_list":["post-1256","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-internet-and-technology-news"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/11\/google-linux.png?fit=1270%2C602&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7ISfL-kg","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":1341,"url":"https:\/\/www.virtono.com\/community\/tutorial-how-to\/compiling-linux-kernels-under-ubuntu-or-debian-2\/","url_meta":{"origin":1256,"position":0},"title":"Compiling Linux kernels under Ubuntu or Debian","author":"Shreyash Sharma","date":"February 21, 2018","format":false,"excerpt":"Compiling a Linux kernel is not an everyday occurrence for most administrators.\u00a0It is all the more important\u00a0to know\u00a0the right\u00a0tools\u00a0when the time comes.\u00a0The following article shows examples of how Mainline \/ Vanilla Kernel and the distribution-specific\u00a0kernel are compiled\u00a0. \u00a0 Install required software The following packages are needed to compile: $ sudo\u2026","rel":"","context":"In &quot;Tutorials&quot;","block_context":{"text":"Tutorials","link":"https:\/\/www.virtono.com\/community\/category\/tutorial-how-to\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2018\/02\/kernel1.png?fit=400%2C225&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":1243,"url":"https:\/\/www.virtono.com\/community\/tutorial-how-to\/compiling-linux-kernels-under-ubuntu-or-debian\/","url_meta":{"origin":1256,"position":1},"title":"Compiling Linux kernels under Ubuntu or Debian","author":"Daniel Draga","date":"November 6, 2017","format":false,"excerpt":"Compiling a Linux kernel is not an everyday occurrence for most administrators.\u00a0It is all the more important\u00a0to know\u00a0the right\u00a0tools\u00a0when the time comes.\u00a0The following article shows examples of how Mainline \/ Vanilla Kernel and the distribution-specific\u00a0kernel are compiled. Install required software The following packages are needed to compile: $ sudo apt-get\u2026","rel":"","context":"In &quot;Tutorials&quot;","block_context":{"text":"Tutorials","link":"https:\/\/www.virtono.com\/community\/category\/tutorial-how-to\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/11\/517444-636210253990788094_270x480_thumb.jpg?fit=480%2C270&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":1195,"url":"https:\/\/www.virtono.com\/community\/tutorial-how-to\/remove-old-kernels-in-ubuntu\/","url_meta":{"origin":1256,"position":2},"title":"Remove Old Kernels in Ubuntu","author":"Shreyash Sharma","date":"October 27, 2017","format":false,"excerpt":"For\u00a0Ubuntu\u00a0installations (prior to Ubuntu version 15.10) with\u00a0separate \/ boot partition\u00a0, it may fill up\u00a0after installing several updates\u00a0.\u00a0The issue occurs because older kernel versions are not automatically removed.\u00a0In this article, we'll show you how to manually uninstall older kernel versions, freeing up space in the \/ boot partition. Problem Installing new\u2026","rel":"","context":"In &quot;Tutorials&quot;","block_context":{"text":"Tutorials","link":"https:\/\/www.virtono.com\/community\/category\/tutorial-how-to\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/10\/Aug30-Kernel-Team-Summary.png?fit=1200%2C675&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/10\/Aug30-Kernel-Team-Summary.png?fit=1200%2C675&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/10\/Aug30-Kernel-Team-Summary.png?fit=1200%2C675&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/10\/Aug30-Kernel-Team-Summary.png?fit=1200%2C675&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/10\/Aug30-Kernel-Team-Summary.png?fit=1200%2C675&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":2150,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/get-kernel-statistics-and-hardware-information\/","url_meta":{"origin":1256,"position":3},"title":"Get kernel statistics and hardware information","author":"Shreyash Sharma","date":"December 17, 2020","format":false,"excerpt":"When administering Linux systems, quick information about the installed kernel and the existing hardware is often helpful.\u00a0The \/ proc filesystem provides extensive information on the console. Solution:\u00a0Linux systems reveal a lot about themselves, you just have to know where to look.\u00a0The \/ proc file system, for example, allows\u00a0very detailed information\u2026","rel":"","context":"In &quot;Knowledgebase&quot;","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2020\/12\/Top-command1-1024x550-1.png?fit=1024%2C550&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2020\/12\/Top-command1-1024x550-1.png?fit=1024%2C550&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2020\/12\/Top-command1-1024x550-1.png?fit=1024%2C550&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2020\/12\/Top-command1-1024x550-1.png?fit=1024%2C550&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":1265,"url":"https:\/\/www.virtono.com\/community\/internet-and-technology-news\/kernel-hackers-want-to-use-yaml-for-hardware-description\/","url_meta":{"origin":1256,"position":4},"title":"Kernel hackers want to use Yaml for hardware description","author":"Daniel Draga","date":"November 10, 2017","format":false,"excerpt":"Device Tree Sources (DTS) are used in the\u00a0Linux kernel\u00a0for describing hardware and should in future be defined in the Yaml format.\u00a0That brings some benefits, say kernel developers. The Device Trees concept is used in the Linux kernel to describe hardware that would otherwise not be discovered.\u00a0The information about this hardware\u2026","rel":"","context":"In &quot;IT News&quot;","block_context":{"text":"IT News","link":"https:\/\/www.virtono.com\/community\/category\/internet-and-technology-news\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/11\/69535.png?fit=200%2C200&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":1305,"url":"https:\/\/www.virtono.com\/community\/internet-and-technology-news\/cpu-bugs-have-been-known-since-june-2017-according-to-google\/","url_meta":{"origin":1256,"position":5},"title":"CPU bugs have been known since June 2017, according to Google","author":"Shreyash Sharma","date":"January 10, 2018","format":false,"excerpt":"Not only\u00a0Intel\u00a0is affected by the serious vulnerability in processors, by which attackers can read sensitive data.\u00a0Google's\u00a0Project Zero explains the functioning of the memory leaks and Linus Torvalds expects honesty. Intel wants to quickly take care of the vulnerability in processors, which has caused a sensation in recent days.\u00a0According to its\u2026","rel":"","context":"In &quot;IT News&quot;","block_context":{"text":"IT News","link":"https:\/\/www.virtono.com\/community\/category\/internet-and-technology-news\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2018\/01\/not_threaded.png?fit=1200%2C835&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2018\/01\/not_threaded.png?fit=1200%2C835&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2018\/01\/not_threaded.png?fit=1200%2C835&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2018\/01\/not_threaded.png?fit=1200%2C835&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2018\/01\/not_threaded.png?fit=1200%2C835&ssl=1&resize=1050%2C600 3x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/1256","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/comments?post=1256"}],"version-history":[{"count":1,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/1256\/revisions"}],"predecessor-version":[{"id":1257,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/1256\/revisions\/1257"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/media\/1258"}],"wp:attachment":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/media?parent=1256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/categories?post=1256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/tags?post=1256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}