“All of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine,” Konovalov said.
Konovalov has found a total of 79 Linux USB-related bugsThe 14 flaws are actually part of a larger list of 79 flaws Konovalov found in Linux kernel USB drivers during the past months. Not all of these 79 vulnerabilities have been reported, let alone patched.
Most are simple DoS (Denial of Service) bugs that freeze or restart the OS, but some allow attackers to elevate privileges and execute malicious code.All bugs Konovalov discovered were found using syzkaller, a tool developed by Google that finds security bugs via a technique known as fuzzing.
Source: Linux Has a USB Driver Security Problem
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft