During EUHubs4Data IoT-SESOD project, Binare team has discovered most common & severe security flaws and wants to share its findings:
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.
An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.
An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.
“Top 5 security vulnerabilities” group is formed by 2 most common flaws of HIGH severity & 3 most common flaws of MEDIUM severity (see CVSS scores in the image below).
Binare Team wants to highlight that both high-severity & medium-severity flaws have same negative outcome in terms of brand reputation & financial health of a company once they are exploited by malicious hackers.
Got worried about your IoT device security? Binare is here to help! Binare’s automated IoT firmware management & monitoring platform will scan your IoT device like an X-Ray machine for most common security threats 🔓 and advise on how to fix them 🔧
About EUHubs4Data IoT-SESOD Project:
IoT-SESOD aims to run closed-loop system experiment producing cybersecurity dataset(s), namely generating complete and accurate (I)IoT firmware SBoMs and their always-up-to-date vulnerability (CVE) mappings.
By 2025, 80% of the data will be processed by IoT devices, though many times they are “black-boxes” from UI/UX and cybersecurity perspectives. New security reports are regularly published about new vulnerabilities in IoT devices. Many of those vulnerabilities are the result of integration/reuse of (vulnerable) software components, as well as discovery of new vulnerabilities in thought-to-be-secure components. The reuse of (vulnerable) components has a high negative impact as it increases many-fold the attack surface and entry-points to production and home networks. Most of the times, it is hard/impossible to know what is running inside an IoT device/firmware and whether (vulnerable) components are reused, as most IoT firmware comes in binary packages and vendors almost never publish software composition also known as Software Bill of Materials (SBoM).
Binare.io is a recent deep-tech cybersecurity spinoff from University of Jyvaskyla. Binare develops advanced automated solutions for (I)IoT cybersecurity. Binare’s flagship: IoT Firmware Analysis and Monitoring platform provides full automation and integration with both DevOps/SecOps pipelines to improve (I)IoT device security throughout its lifecycle.
Take a step towards security of your IoT device already today by trying our FREE Demo!
Link to our FREE Demo: https://demo.dashboard.binare.io/user/register
Source of CVE-descriptions used in the blog post: