From: Greg KH <gregkh@linuxfoundation.org>
To: color Ice <wirelessdonghack@gmail.com>
Cc: Alan Stern <stern@rowland.harvard.edu>,
kvalo@kernel.org, linux-kernel@vger.kernel.org,
linux-usb@vger.kernel.org, linux-wireless@vger.kernel.org,
mark.esler@canonical.com, stf_xl@wp.pl, tytso@mit.edu
Subject: Re: Ubuntu RT2X00 WIFI USB Driver Kernel NULL pointer Dereference&Use-After-Free Vulnerability
Date: Mon, 19 Aug 2024 19:43:38 +0200 [thread overview]
Message-ID: <2024081904-encircle-crayon-8d16@gregkh> (raw)
In-Reply-To: <CAOV16XFYeWdT4tSpLWoE+pCVsNERXKJQCJvJovrfsgMn1PMzbA@mail.gmail.com>
On Mon, Aug 19, 2024 at 11:11:10PM +0800, color Ice wrote:
> On some TP-Link routers or routers running OpenWrt, as well as Raspberry Pi
> devices with a headless setup and BeagleBone boards, certain USB
> configurations are required by default. These devices typically grant
> higher permissions to USB by default. Therefore, on certain devices, I can
> run a PoC without using sudo. This explains why there are some inherent
> risk scenarios when declaring this vulnerability, as there are many Linux
> distributions applied to different embedded devices.
I suggest filing bugs with those distros/system images so that they
properly remove the ability for users to reset any random USB device
this way. If any user can disconnect any driver from any device, that's
not a good system...
Also, why not dig into the code and try to come up with a fix while
waiting? The code is all there for everyone to read and resolve, that
way you get the proper credit for fixing the issue as well.
thanks,
greg k-h
next prev parent reply other threads:[~2024-08-19 17:43 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAOV16XESCK0-sMENJFxvWiKqogBJ4PQwA2DvJBvWq-g+NtV8ow@mail.gmail.com>
[not found] ` <ZqyWpovXcaAX2f5c@aeon>
[not found] ` <87wmky7i3l.fsf@kernel.org>
2024-08-03 6:31 ` Ubuntu RT2X00 WIFI USB Driver Kernel NULL pointer Dereference&Use-After-Free Vulnerability Greg KH
2024-08-03 7:57 ` LidongLI
2024-08-05 2:18 ` LidongLI
2024-08-05 2:20 ` LidongLI
2024-08-05 6:55 ` Greg KH
2024-08-05 8:33 ` LidongLI
2024-08-05 18:33 ` Greg KH
2024-08-05 18:37 ` Greg KH
2024-08-06 1:59 ` LidongLI
2024-08-06 3:06 ` Theodore Ts'o
2024-08-06 13:38 ` Alan Stern
[not found] ` <CAOV16XF8cEg7+HAFQiCUrt9-Dp4M+-TANjQqRXH87AAdgzmNMg@mail.gmail.com>
2024-08-06 18:36 ` Alan Stern
2024-08-07 1:56 ` color Ice
2024-08-06 2:34 ` LidongLI
2024-08-06 3:54 ` LidongLI
2024-08-06 6:34 ` Greg KH
2024-08-06 6:35 ` Greg KH
2024-08-06 12:45 ` Theodore Ts'o
2024-08-07 2:11 ` LidongLI
2024-08-14 5:58 ` LidongLI
2024-08-14 14:55 ` Alan Stern
2024-08-19 10:49 ` color Ice
2024-08-19 10:56 ` Greg KH
[not found] ` <CAOV16XFYeWdT4tSpLWoE+pCVsNERXKJQCJvJovrfsgMn1PMzbA@mail.gmail.com>
2024-08-19 17:43 ` Greg KH [this message]
2024-08-21 8:25 ` color Ice
2024-08-21 14:06 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2024081904-encircle-crayon-8d16@gregkh \
--to=gregkh@linuxfoundation.org \
--cc=kvalo@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=mark.esler@canonical.com \
--cc=stern@rowland.harvard.edu \
--cc=stf_xl@wp.pl \
--cc=tytso@mit.edu \
--cc=wirelessdonghack@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).