Recently discovered Linux flaws are now fixable
A discovery of a Google code security researcher has brought 14 flaws in Linux kernel USB drivers into the light last week and it in turn has led to a last minute fix in the Linux 4.14 release candidate code set which was in due to be distributed last Sunday. The flaws, which Google researcher Andrey Konovalov disclosed earlier this week, affect the Linux kernel before version 4.13.8.
All the 14 flaws are now covered with plausible fixes, but they are now tagged as a part of a much larger group that contains 79 flaws affecting the Linux kernel' s USB drivers, some of which remain un-patched. Within this larger group of coding flaws, 22 now have a Common Vulnerabilities and Exposures number, for which fixes are available.
However, many of the flaws have not been fixed, according to Konovalov. Konovalov found the flaws using a kernel fuzzer called " syzkaller," created by another Google security researcher, Dmitry Vyukov. The technique involves throwing large volumes of random code at a target piece of software in an attempt to cause crashes.
Further, according to Konovalov, Attackers must have physical access to the computer in order to carry out the attack. It is believed that those flaws can be used to hack even the air grapped systems which are not connected to the internet.
Comments ( 0 )
No comments available