Researcher finds four security vulnerabilities in Linux kernel driver – update
A security researcher has found four bugs in a non-default driver in the Linux kernel. As a result, malicious parties can crash the driver via specially prepared network packets, resulting in security vulnerabilities.
Security researcher Jason Donenfeld, who discovered the bugs, exposes the vulnerability on the Linux kernel’s mailing list. These are security vulnerabilities in the ozwpan driver in the Linux kernel, which allows communication with USB devices via WiFi. The driver is not included by default: users have to install it themselves.
With specially prepared packets, an attacker can send a packet of death, which crashes the driver in question. Crashes are dangerous: that’s when an attacker can inject their own code in certain cases. It is unclear whether this is also the case in this case, but researcher Donenfeld does label his found bugs as security problems.
To exploit security vulnerabilities with the ozwpan driver, an attacker must be on the same Wi-Fi network as his victim. According to Donenfeld, there are further problems with the ozwpan driver, which he has not yet been able to investigate further. For example, the length of certain parameters is not properly controlled; that could allow an attacker to access the memory.
Update, 11:53: Clarifies that this is a driver that is not included.