15 vulnerabilities found in USB drivers from the Linux kernel

Andrey Konovalov from Google found 15 vulnerabilities in USB drivers shipped in the Linux kernel. This is the second set of problems found during fuzz testing: in 2017, the same researcher found 14 more vulnerabilities in the USB stack. The problems can potentially be exploited when specially prepared USB devices are connected to the computer. An attack requires physical access to the equipment and leads at least to a kernel crash, but other outcomes are not excluded (for example, for a similar vulnerability in the snd-usbmidi USB driver, an exploit was prepared that executes code at the kernel level).

Of the 15 issues, 13 have already been fixed in current Linux kernel updates, but two vulnerabilities (CVE-2019-15290, CVE-2019-15291) remain unpatched in the latest 5.2.9 release. The unpatched vulnerabilities could cause the ath6kl and b2c2 drivers to dereference a NULL pointer when invalid data is received from the device. Other vulnerabilities include:

  • Accesses to already freed memory (use-after-free) in the v4l2-dev/radio-raremono, dvb-usb, sound/core, cpia2 and p54usb drivers;
  • Double free of memory (double-free) in the rio500 driver;
  • NULL pointer dereferences in the yurex, zr364xx, siano/smsusb, sisusbvga, line6/pcm, motu_microbookii and line6 drivers.

Source: opennet.ru
