About CVE-2022-25375

Preface: In 2017, half of the world’s top 50 supercomputers used SUSE Enterprise Linux Server. Why does Linux dominate especially in supercomputer market? Linux is a free, open source operating system (OS), released under the GNU General Public License (GPL). Anyone can inspect or modify software “Source code”. Because of Linux cluster break the traditional technology limitation. Even though system developers does not have skill to develop CPU switch (crossbar) and related technology belongs. But they can modify the Linux OS and learn by Linux cluster technique. Finally, they can build their customized super power computing system. If you do a review of the top computer in the world, you will found that more and more super power computing systems are using Linux clustering technology.
Therefore the proprietary technology is not a giant anymore.
As a result, computer programmers can manipulate code to change the way software (“programs” or “applications”) works.

Background: This software (rndis.c) was originally developed in conformance with Microsoft’s Remote NDIS Specification License Agreement.

RNDIS refers to Remote NDIS. The implementation of RNDIS based on USB is actually TCP/IP over USB, which is to tun TCP/IP on the USB device, making the USB device look like a network card. With fast bridge cable, USB 3.1 could deliver a point to point network much faster than 1000-Base-T.

Vulnerability details: The RNDIS_MSG_SET usb control transfer request handler – rndis_set_response calls gen_ndis_set_resp passing a buffer pointer offset by BufOffset + 8. The BufOffset variable is retrieved from the RNDIS message and not validated to respect buffer boundaries. Consequently by manipulating the four byte InformationBufferOffset member of rndis_set_msg_type an attacker may offset the actual buffer by up to 0xffffffff bytes. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.

Remark: The meaning of GADGET is an often small mechanical or electronic device with a practical use but often thought of as a novelty.

Remedy: Please refer to the link for details – https://github.com/torvalds/linux/commit/38ea1eac7d88072bbffb630e2b3db83ca649b826

Ref: USB 3.1 Gen 1 and Gen 2 offer stimultaneous media rate connection of 5GB/s and 10Gb/s in each direction. As a result USB 3.1 will be faster than 1000-Base-T. Furthermore, a USB bus can have up to 127 target devices, but only one host.
But Linux is flexible since you can read the source code. If you apply your imagination to design your own system. As we know, a USB bus can have up to 127 target devices, but only one host. If you apply Linux clustering concept. Form a new array to a group of array host with ethernet connectivity. So, it can be expandable.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.