Security researchers have discovered a few programming errors in USB drivers. Many of them concern different Linux kernel versions; some of these Linux bugs were given CVE numbers due to the high security risks they pose. Other bugs affect Windowsv10.
There is therefore no acute need for users to take action more. That could change, because from the researchers perspective, security-related problems continue to exist, at least for Microsoft. Experts are in contact with both companies to initiate a CVE assignment for the problems found. During the corona virus pandemic, they received little feedback from the companies. The freshly published white paper on the research findings at least shows that two of the macOS bugs could lead to an unplanned reboot and the others could freeze the system. It remains unclear whether, how and with what effort exploits are possible.
Fuzzing tools, are applications that security researchers use to generate large amounts of invalid or random data for input to other programs. They then examine the reaction of the tested software to the inputs in order to find errors that can possibly be exploited for hacker attacks. USBFuzz is specifically designed for USB drivers. First and foremost, USBFuzz uses a device emulated by software to pass on random device data to the driver. Since the emulated USB device works at device level, transferring it to other platforms is very easy.At its core, USBFuzz uses a software emulated USB device to send drivers random device data.
Information Passed On To Developers
Users want to reduce the burden on the kernel developers when fixing the reported vulnerabilities. Some of these errors have been corrected. They were classified as safety relevant.