A Google code security researcher's recent discovery of 14 flaws in Linux kernel USB drivers led to last-minute fixes in the Linux 4.14 release candidate code set for distribution on Sunday.
The flaws, which Google researcher Andrey Konovalov disclosed earlier this week, affect the Linux kernel before version 4.13.8.
All 14 have available fixes. However, they are part of a much larger group of 79 flaws affecting the Linux kernel's USB drivers, some of which remain unpatched.
Within this larger group of coding flaws, 22 now have a Common Vulnerabilities and Exposures number, and fixes are available for them.
However, many of the flaws have not been fixed, according to Konovalov.
Konovalov found the flaws using a kernel fuzzer called "syzkaller," created by another Google security researcher, Dmitry Vyukov. The technique involves throwing large volumes of random code at a target piece of software in an attempt to cause crashes.
"All of the exploits require physical access to a computer, so the attack vector is limited to social engineering engagements," noted Russ Wickless, a senior penetration tester at Schellman & Company.
"None of these look like they can be deployed over the Internet," he told LinuxInsider.
Read More: linuxinsider.com