Message-ID: <2024081904-encircle-crayon-8d16@gregkh>
Date: Mon, 19 Aug 2024 19:43:38 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: color Ice <wirelessdonghack@...il.com>
Cc: Alan Stern <stern@...land.harvard.edu>, kvalo@...nel.org,
	linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
	linux-wireless@...r.kernel.org, mark.esler@...onical.com,
	stf_xl@...pl, tytso@....edu
Subject: Re: Ubuntu RT2X00 WIFI USB Driver Kernel NULL pointer
 Dereference&Use-After-Free Vulnerability

On Mon, Aug 19, 2024 at 11:11:10PM +0800, color Ice wrote:
> On some TP-Link routers or routers running OpenWrt, as well as Raspberry Pi
> devices with a headless setup and BeagleBone boards, certain USB
> configurations are required by default. These devices typically grant
> higher permissions to USB by default. Therefore, on certain devices, I can
> run a PoC without using sudo. This explains why there are some inherent
> risk scenarios when declaring this vulnerability, as there are many Linux
> distributions applied to different embedded devices.

I suggest filing bugs with those distros/system images so that they
properly remove the ability for users to reset any random USB device
this way.  If any user can disconnect any driver from any device, that's
not a good system...

Also, why not dig into the code and try to come up with a fix while
waiting?  The code is all there for everyone to read and resolve, that
way you get the proper credit for fixing the issue as well.

thanks,

greg k-h
