News

Researcher finds four security vulnerabilities in Linux kernel driver – update

By admin
Spread the love

A security researcher has found four bugs in a non-default driver in the Linux kernel. As a result, malicious parties can crash the driver via specially prepared network packets, resulting in security vulnerabilities.

Security researcher Jason Donenfeld, who discovered the bugs, exposes the vulnerability on the Linux kernel’s mailing list. These are security vulnerabilities in the ozwpan driver in the Linux kernel, which allows communication with USB devices via WiFi. The driver is not included by default: users have to install it themselves.

With specially prepared packets, an attacker can send a packet of death, which crashes the driver in question. Crashes are dangerous: that’s when an attacker can inject their own code in certain cases. It is unclear whether this is also the case in this case, but researcher Donenfeld does label his found bugs as security problems.

To exploit security vulnerabilities with the ozwpan driver, an attacker must be on the same Wi-Fi network as his victim. According to Donenfeld, there are further problems with the ozwpan driver, which he has not yet been able to investigate further. For example, the length of certain parameters is not properly controlled; that could allow an attacker to access the memory.

Update, 11:53: Clarifies that this is a driver that is not included.

You might also like
News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Nvidia releases GeForce RTX 4060 Ti variant with 16GB memory

News

Anticheat FaceIT gets Linux version, enables Steam Deck support

News

‘AMD wants to sell Radeon RX 7700 and RX 7800 series from September’