oss-sec mailing list archives

Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2


From: Mathias Payer <mathias.payer () nebelwelt net>
Date: Thu, 22 Aug 2019 16:00:15 -0400



On 8/22/19 3:33 PM, Eddie Chapman wrote:
> On 22/08/2019 20:00, Perry E. Metzger wrote:
>> You can argue anything you like. Power charging points have popped up
>> around the world, and you're not in a position to stop
>> them. Furthermore, I'll note that over the air exploitable bugs in
>> things like WiFi stacks and Bluetooth stacks have also appeared over
>> time; perhaps it's foolish to have your phone on at all, and yet
>> people will continue to turn their phones on, and even to use them.
>>
>> Perry
>
> Well, I certainly am not deluded enough to think I have the power to stop power
> charging points popping up everywhere :-) Or to stop people making mistakes.
> Just because something is possible and everyone else does it doesn't make
> something less stupid.

I would also like to point out the availability of USB-over-Ethernet and
USB-over-IP [1] that exposes such endpoints to the network. Especially in data
centers where KVMs are virtualized, such systems seem to be commonly used.

Considering that USB can be routed over networks (with extensions/additional
hardware), these bugs should also be evaluated under a different angle.

Cheers,
Mathias

[1] https://www.newegg.com/p/pl?d=usb+over+ip
