This week we have exploit code published for a possible zero-day vulnerability in products from Siemens. Google Security Research published exploit code for a race condition vulnerability in Siemens R3964 line discipline code, a Linux driver that allows synchronous communication with devices using the Siemens R3964 packet protocol. The Google report notes that this vulnerability is fixed, but according to the Linux folks that fix is simply marking the code as ‘broken’. The Linux researcher notes that:
The n_r3964 line discipline driver was written in a different time, when SMP machines were rare, and users were trusted to do the right thing. Since then, the world has moved on but not this code, it has stayed rooted in the past with its lovely hand-crafted list structures and loads of "interesting" race conditions all over the place.

After attempting to clean up most of the issues, I just gave up and am now marking the driver as BROKEN so that hopefully someone who has this hardware will show up out of the woodwork (I know you are out there!) and will help with debugging a raft of changes that I had laying around for the code, but was too afraid to commit as odds are they would break things.
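Since the upstream "fix" only marks the driver BROKEN, the practical question for anyone running Linux near this hardware is whether the n_r3964 line discipline is loaded or loadable on a given host. The following POSIX shell audit is an added example, not code from the original post, from Google Security Research or from the kernel project. The module name n_r3964 is the one in the maintainer's note quoted above; the Kconfig symbol CONFIG_R3964 and the /boot/config-$(uname -r) path are assumptions, and the lsmod-style sample lines are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit a Linux host for the n_r3964 line discipline driver.
# Module name n_r3964 is from the maintainer's note; CONFIG_R3964 is assumed
# to be the Kconfig symbol that builds this driver.

# r3964_loaded MODULE_LIST
# Exit 0 if n_r3964 appears as a module name in lsmod / /proc/modules style
# text (first column is the module name), 1 otherwise.
r3964_loaded() {
    printf '%s\n' "$1" | awk '$1 == "n_r3964" { found = 1 }
                               END { exit (found ? 0 : 1) }'
}

# r3964_config_value CONFIG_TEXT
# Print "y" (built in), "m" (module) or "n" (not built / unknown) based on
# kernel .config style text.
r3964_config_value() {
    v=$(printf '%s\n' "$1" | sed -n 's/^CONFIG_R3964=\([ym]\)$/\1/p' | head -n 1)
    printf '%s\n' "${v:-n}"
}

# blacklist_fragment
# Print the modprobe.d lines that stop the module from being auto-loaded and
# make an explicit modprobe fail. Only helps when the driver is a module (=m).
blacklist_fragment() {
    printf 'blacklist n_r3964\ninstall n_r3964 /bin/false\n'
}

# audit_host
# Live check of the current machine; never exits non-zero on its own.
audit_host() {
    mods=$(cat /proc/modules 2>/dev/null || true)
    cfg=$(cat "/boot/config-$(uname -r)" 2>/dev/null || true)   # assumed path
    if r3964_loaded "$mods"; then
        echo "n_r3964 is LOADED: the line discipline can be attached to a tty"
        return 0
    fi
    case "$(r3964_config_value "$cfg")" in
        y) echo "CONFIG_R3964=y: driver is built in; blacklisting will not help" ;;
        m) echo "CONFIG_R3964=m: driver is available but not loaded; suggested modprobe.d entry:"
           blacklist_fragment ;;
        *) echo "n_r3964 not built for this kernel (or config not readable)" ;;
    esac
}

# demo
# Runs the parsers over constructed sample text so the logic can be seen
# without touching the live host.
demo() {
    sample_modules="n_r3964 16384 0 - Live 0xffffffffc0000000
n_tty 24576 1 - Live 0xffffffffc0100000"          # constructed lsmod-style lines
    sample_config="# CONFIG_R3964 is not set"     # constructed .config line
    if r3964_loaded "$sample_modules"; then
        echo "demo: n_r3964 detected in constructed module list"
    fi
    echo "demo: CONFIG_R3964 value in constructed config = $(r3964_config_value "$sample_config")"
}

demo
audit_host
```

On a real host, run it as root so /proc/modules and the boot config are readable; a module-built driver that is not needed can then be blacklisted with the printed fragment, whereas a built-in driver needs a kernel rebuild or a vendor update.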
I am a tad bit over my head here technically, but this looks like a GNU library issue; part of the larger issue that Siemens is dealing with. The CVE for this vulnerability (CVE-2019-11486) was not included in the most recent Siemens advisory for the GNU library issues, but that is hardly surprising since the CVE was issued after the latest update to the Siemens advisory. These issues have still not been addressed by NCCIC-ICS.