Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 22 Aug 2019 16:00:15 -0400
From: Mathias Payer <mathias.payer@...elwelt.net>
To: oss-security@...ts.openwall.com, Eddie Chapman <eddie@...k.net>
Subject: Re: Linux kernel: multiple vulnerabilities in the USB
 subsystem x2



On 8/22/19 3:33 PM, Eddie Chapman wrote:
> On 22/08/2019 20:00, Perry E. Metzger wrote:
>> You can argue anything you like. Power charging points have popped up
>> around the world, and you're not in a position to stop
>> them. Furthermore, I'll note that over the air exploitable bugs in
>> things like WiFi stacks and Bluetooth stacks have also appeared over
>> time; perhaps it's foolish to have your phone on at all, and yet
>> people will continue to turn their phones on, and even to use them.
>>
>> Perry
> 
> Well, I certainly am not deluded enough to think I have the power to stop power
> charging points popping up everywhere :-) Or to stop people making mistakes.
> Just because something is possible and everyone else does it doesn't make
> something less stupid.

I would also like to point out the availability of USB-over-Ethernet and
USB-over-IP [1] that exposes such endpoints to the network. Especially in data
centers where KVMs are virtualized, such systems seem to be commonly used.

Considering that USB can be routed over networks (with extensions/additional
hardware), these bugs should also be evaluated under a different angle.

Cheers,
Mathias

[1] https://www.newegg.com/p/pl?d=usb+over+ip



Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.