oss-sec mailing list archives
Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2
From: Mathias Payer <mathias.payer () nebelwelt net>
Date: Thu, 22 Aug 2019 16:00:15 -0400
On 8/22/19 3:33 PM, Eddie Chapman wrote:
On 22/08/2019 20:00, Perry E. Metzger wrote:You can argue anything you like. Power charging points have popped up around the world, and you're not in a position to stop them. Furthermore, I'll note that over the air exploitable bugs in things like WiFi stacks and Bluetooth stacks have also appeared over time; perhaps it's foolish to have your phone on at all, and yet people will continue to turn their phones on, and even to use them. PerryWell, I certainly am not deluded enough to think I have the power to stop power charging points popping up everywhere :-) Or to stop people making mistakes. Just because something is possible and everyone else does it doesn't make something less stupid.
I would also like to point out the availability of USB-over-Ethernet and USB-over-IP [1] that exposes such endpoints to the network. Especially in data centers where KVMs are virtualized, such systems seem to be commonly used. Considering that USB can be routed over networks (with extensions/additional hardware), these bugs should also be evaluated under a different angle. Cheers, Mathias [1] https://www.newegg.com/p/pl?d=usb+over+ip
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2, (continued)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Greg KH (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Brad Spengler (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Greg KH (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Jeremy Stanley (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 John Haxby (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Kurt H Maier (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Mathias Payer (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Stuart D. Gathman (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Perry E. Metzger (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Eddie Chapman (Aug 22)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Greg KH (Aug 23)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Andrey Konovalov (Sep 27)
- Re: Linux kernel: multiple vulnerabilities in the USB subsystem x2 Tyler Hicks (Sep 27)