Tuesday, April 22, 2025
Follow us On Linkedin
HomeCVE/vulnerabilityMultiple Denial of Service Vulnerabilities Discovered in Linux kernel USB Subsystem

Multiple Denial of Service Vulnerabilities Discovered in Linux kernel USB Subsystem

CVE/vulnerability

Published on

By Balaji
Multiple Denial of Service Vulnerabilities Discovered in Linux kernel USB Subsystem

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Multiple vulnerabilities found in Linux USB drivers that included with Linux kernel USB subsystem. It can be triggered by an attacker who has a physical access to the machine.

These bugs allow attackers to induce a denial of service and to insert malicious scripts or to escalate privileges if they get physical access.

All the vulnerabilities are discovered by Google Security expert Andrey Konovalov and they have been reported to Linux Community. He found 79 kernel bugs and only 14 reported now.

CVEs – Linux USB

According to Finding Report, Below are the details for 14 vulnerabilities found with syzkaller in the Linux kernel USB subsystem. All of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine.

- Advertisement - Google News
CVE-2017-16525 
CVE-2017-16526
CVE-2017-16527
CVE-2017-16528
CVE-2017-16529
CVE-2017-16530
CVE-2017-16531
CVE-2017-16532
CVE-2017-16533
CVE-2017-16534
CVE-2017-16535
CVE-2017-16536
CVE-2017-16537
CVE-2017-16538

These vulnerabilities found using syzkaller a Google fuzzing tools that support for akaros, freebsd, fuchsia, netbsd, and windows are supported to varying degrees.

Also Read Linux Exploit Suggester – A Kali Linux Tool to Find the Linux OS Kernel Exploits

Syzkaller detects a kernel crash and it will automatically start the process of reproducing this crash and then minimize the program that caused it. To download syzkaller.

Tools to Harden Linux Security

Lynis a famous open source security auditing tool designed to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks. For more detailed explanation on Lynis.

After the scan, a report will be displayed with all discovered findings.Lynis assists auditors in performing Basel II, GLBA, HIPAA, PCI DSS and SOX (Sarbanes-Oxley) compliance audits.

Researchers from the University of London present POTUS tool which automatically finding vulnerabilities in USB device drivers for Linux system.It is capable of detecting zero-days. They found and confirmed two previously undiscovered zero-days in the mainline Linux kernel with POTUS tool.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

cyber security

Hackers Exploit Cloudflare Tunnel Infrastructure to Deploy Multiple Remote Access Trojans

The Sekoia TDR (Threat Detection & Research) team has reported on a sophisticated network...
cyber security

Threat Actors Leverage npm and PyPI with Impersonated Dev Tools for Credential Theft

The Socket Threat Research Team has unearthed a trio of malicious packages, two hosted...
cyber security

Hackers Exploit Legitimate Microsoft Utility to Deliver Malicious DLL Payload

Hackers are now exploiting a legitimate Microsoft utility, mavinject.exe, to inject malicious DLLs into...
Cyber Attack

Cybercriminals Exploit Network Edge Devices to Infiltrate SMBs

Small and midsized businesses (SMBs) continue to be prime targets for cybercriminals, with network...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

CVE/vulnerability

TP-Link Router Vulnerabilities Allow Attackers to Execute Malicious SQL Commands

Cybersecurity researchers have uncovered critical SQL injection vulnerabilities in four TP-Link router models, enabling...
CVE/vulnerability

PoC Released for Critical Unauthenticated Erlang/OTP RCE Vulnerability

A critical remote code execution (RCE) vulnerability in Erlang/OTP’s SSH implementation (CVE-2025-32433) has now...
CVE/vulnerability

Critical Flaw in Windows Update Stack Enables Code Execution and Privilege Escalation

A newly discovered vulnerability in the Windows Update Stack, tracked as CVE-2025-21204, has sent...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved