Vulnerability in FreeBSD exploited via a malicious USB device

FreeBSD has fixed a vulnerability in its USB stack (CVE-2020-7456) that allows code execution at the kernel level or in user space when a malicious USB device is connected to the system. USB HID (Human Interface Device) descriptors can push and pop the current state, which allows item descriptions to be organized into multi-level groups. FreeBSD supports up to 4 such push/pop levels. If the level is not restored while processing the same HID item, an invalid memory area is accessed. The issue has been fixed in the FreeBSD 11.3-RELEASE-p10 and 12.1-RELEASE-p6 updates. As a security workaround, it is recommended to set the parameter "sysctl hw.usb.disable_enumeration=1".
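The push/pop bookkeeping described above can be checked before a descriptor is trusted. The following is an added example, not FreeBSD's code or its patch: it walks a HID report descriptor and rejects truncated items and Push/Pop sequences that exceed the 4-level limit, underflow, or are left open. The function name, status codes, sample byte strings and the strict "every Push must be closed" policy are assumptions of this example; the item encoding follows the USB HID specification.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_PUSH 4 /* nesting limit the article gives for FreeBSD */

enum hid_check { HID_OK, HID_TRUNCATED, HID_PUSH_OVERFLOW,
                 HID_POP_UNDERFLOW, HID_UNBALANCED };

/* Constructed sample descriptors (not taken from any real device). */
const uint8_t sample_ok[]    = { 0x05, 0x01, 0xA4, 0x75, 0x08, 0xB4 };
const uint8_t sample_deep[]  = { 0xA4, 0xA4, 0xA4, 0xA4, 0xA4 };
const uint8_t sample_pop[]   = { 0x05, 0x01, 0xB4 };
const uint8_t sample_open[]  = { 0xA4, 0x75, 0x08 };
const uint8_t sample_short[] = { 0x75 };

/* Walk the items of a HID report descriptor, tracking Push/Pop depth. */
enum hid_check hid_check_push_pop(const uint8_t *d, size_t len)
{
    size_t i = 0, size;
    unsigned depth = 0;

    while (i < len) {
        uint8_t prefix = d[i++];
        if (prefix == 0xFE) {           /* long item: bDataSize, bLongItemTag, data */
            if (len - i < 2) return HID_TRUNCATED;
            size = d[i];
            i += 2;
        } else {                        /* short item: tag[7:4] type[3:2] size[1:0] */
            size = (prefix & 0x03) == 3 ? 4 : (size_t)(prefix & 0x03);
            if ((prefix & 0xFC) == 0xA4) {          /* Global item: Push */
                if (depth == MAX_PUSH) return HID_PUSH_OVERFLOW;
                depth++;
            } else if ((prefix & 0xFC) == 0xB4) {   /* Global item: Pop */
                if (depth == 0) return HID_POP_UNDERFLOW;
                depth--;
            }
        }
        if (len - i < size) return HID_TRUNCATED;  /* data runs past the buffer */
        i += size;
    }
    return depth == 0 ? HID_OK : HID_UNBALANCED;   /* strict: every Push closed */
}

int main(void)
{
    return hid_check_push_pop(sample_ok, sizeof sample_ok) == HID_OK ? 0 : 1;
}
```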

The vulnerability was identified by Andy Nguyen from Google and does not overlap with another issue recently announced by researchers from Purdue University and the Federal Polytechnic School of Lausanne. These researchers have developed the USBFuzz toolkit, which simulates a malfunctioning USB device to fuzz test USB drivers. USBFuzz is planned to be published on GitHub soon. With the help of the new tool, 26 vulnerabilities were identified: 18 in Linux, 4 in Windows, 3 in macOS and one in FreeBSD. Details of these problems have not yet been disclosed; it is only mentioned that CVE identifiers have been obtained for 10 vulnerabilities and that 11 problems affecting Linux have already been fixed. A similar fuzz testing technique is used by Andrey Konovalov from Google, who over the past few years has found 44 vulnerabilities in the Linux USB stack.

Source: opennet.ru
