"Code 10 Device Cannot Start" error for EHCI USB Controller devices in Device Manager in Windows Server 2012 R2

"Code 10 Device Cannot Start" error for EHCI USB Controller devices in Device Manager in Windows Server 2012 R2 This article describes an issue in which you receive a "Code 10 Device Cannot Start" error message for Enhanced Host Controller Interface EHCI USB Controller devices in Device Manager i...

Wudfhost.exe crashes when you plug in a USB-ICCD-compliant smart card device into a Windows computer

Wudfhost.exe crashes when you plug in a USB-ICCD-compliant smart card device into a Windows computer Symptoms Assume that you plug in a USB-ICCD-compliant smart card device into a computer that is running Windows 8, Windows Server 2012, Windows 7 Service Pack 1 SP1, or Windows Server 2008 R2 SP1...

CVE-2020-10263

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by accessing the UART interface and then they can i read Wi-Fi SSID or password, ii read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, iii use Text-To-Speech tools pretend...

CVE-2016-11041

An issue was discovered on Samsung mobile devices with KK4.4 software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 June 2016...

kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver

A vulnerability was found in hiddevopen in drivers/hid/usbhid/hiddev.c in the USB Human Interface Device class subsystem, where an existing device must be validated prior to its access. The device should also ensure the hiddevlist cleanup occurs at failure, as this may lead to a use-after-free...

kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver

A vulnerability was found in hiddevopen in drivers/hid/usbhid/hiddev.c in the USB Human Interface Device class subsystem, where an existing device must be validated prior to its access. The device should also ensure the hiddevlist cleanup occurs at failure, as this may lead to a use-after-free...

kernel: brcmfmac frame validation bypass

If the brcmfmac driver receives a firmware event frame from a remote source, the iswlceventframe function will cause this frame to be discarded and not be processed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be...

kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS

A flaw was discovered in the Linux kernel's USB subsystem in the usbgetextradescriptor function in the drivers/usb/core/usb.c which mishandles a size check during the reading of an extra descriptor data. By using a specially crafted USB device which sends a forged extra descriptor, an unprivilege...

kernel: Null pointer dereference in the sound/usb/line6/pcm.c

A NULL pointer dereference flaw was found in the way the LINE6 drivers in the Linux kernel allocated buffers for USB packets. This flaw allows an attacker with physical access to the system to crash the system...

kernel: brcmfmac frame validation bypass

If the brcmfmac driver receives a firmware event frame from a remote source, the iswlceventframe function will cause this frame to be discarded and not be processed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be...

Product update: Virtuozzo 7.0 Update 13 (7.0.13-298)

The Update 13 for Virtuozzo 7.0 introduces new features and provides stability and usability bug fixes. It also introduces a new kernel 3.10.0-1062.12.1.vz7.131.10. Vulnerability id: PSBM-95072 'pstorage-target' files are left over after successful migrations of VMs on Virtuozzo Storage from...

The vulnerability of the Intel Renesas Electronics USB 3.0 driver lies in improper default access rights settings, allowing attackers to exploit their privileges.

The vulnerability of the Intel Renesas Electronics USB 3.0 driver is related to incorrect default access settings. Exploiting this vulnerability can allow attackers to gain increased privileges...

Samsung Mobile Device Authorization Issue Vulnerability (CNVD-2020-32862)

Android is a free and open source operating system from Google based on the Linux kernel without GNU components. An authorization issue vulnerability exists in Samsung mobile devices, which can be exploited by attackers to modify USB configuration without authentication...

CVE-2020-10850

An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 Exynos chipsets software. The secure bootloade has a buffer overflow of the USB buffer, leading to arbitrary code execution. The Samsung ID is SVE-2019-15872 January 2020...

[SECURITY] Fedora 31 Update: ppp-2.4.7-34.fc31

The ppp package contains the PPP Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an ISP Internet Service Provider or other organization over a modem...

Hardware Router CTF

Here at Pen Test Partners we love hardware and also love a good CTF. So here's how I figured out my way through the hardware CTF that PTP set as a pre-requisite for some interviews. I'm pretty new to hardware, so learned quite a bit along the way. We have now moved on to a new 'interview' CTF so,...

Unspecified Vulnerability in XIAOMI AI speaker MDZ-25-DT

Xiaomi AI speaker MDZ-25-DT is a smart speaker device from Chinese company Xiaomi Technology Xiaomi. A security vulnerability exists in XIAOMI AI speaker MDZ-25-DT version 1.34.36 and 1.40.14. An attacker can exploit this vulnerability by sending a UART interface to obtain a root shell, read the...

CVE-2019-10804

serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation...

Input validation

serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation...

CVE-2019-10804

serial-number through 1.3.0 allows execution of arbritary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation...