Achieving Linux Kernel Code Execution Through a Malicious USB Device

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, Ethical Hacking Courses, Remote Code Execution (RCE) Courses, Linux Kernel Security Courses

Course Description

Overview

Explore a Black Hat conference talk that delves into exploiting a forgotten vulnerability in the USB stack of the Linux kernel. Learn about CVE-2016-2384, originally discovered by Andrey Konovalov, and how it can be used to gain root access on a seemingly secure Linux-based device. Discover the intricacies of USB-based attacks, the USB probing process, and exploitation techniques. Examine the development environment using QEMU, payload delivery methods, and exploit design. Understand the challenges faced during the attack, potential exploit mitigations, and the applicability of this vulnerability. Gain insights into the exploitation requirements and key takeaways from this 33-minute presentation by Martijn Bogaard and Dana Geist.

Syllabus

Intro
Why USB based attacks?
CVE-2016-2384: what is it about?
USB probing process
CVE-2016-2384: what happens with the heap?
The midi object
Exploitation primitive
USB HID Probing
Development environment: QEMU
Payload delivery method
Where to hijack the code?
Payload design
Exploit payload
Run shell commands
Attack challenges
Exploit mitigations
Applicability
Exploitation Requirements
Takeaways


Taught by

Black Hat
