Fixes MIA for Many Linux Kernel Flaws

November 15, 2017 RUSS WICKLESS

A Google code security researcher's recent discovery of 14 flaws in Linux kernel USB drivers led to last-minute fixes in the Linux 4.14 release candidate code set for distribution on Sunday.

The flaws, which Google researcher Andrey Konovalov disclosed earlier this week, affect the Linux kernel before version 4.13.8.

All 14 have available fixes. However, they are part of a much larger group of 79 flaws affecting the Linux kernel's USB drivers, some of which remain unpatched.

Within this larger group of coding flaws, 22 now have a Common Vulnerabilities and Exposures number, and fixes are available for them.

However, many of the flaws have not been fixed, according to Konovalov.

Konovalov found the flaws using a kernel fuzzer called "syzkaller," created by another Google security researcher, Dmitry Vyukov. The technique involves throwing large volumes of random code at a target piece of software in an attempt to cause crashes.

"All of the exploits require physical access to a computer, so the attack vector is limited to social engineering engagements," noted Russ Wickless, a senior penetration tester at Schellman & Company.

"None of these look like they can be deployed over the Internet," he told LinuxInsider.
