CVE-2016-2384 - Exploiting a double-free in the Linux kernel USB MIDI driver
While playing around with the vUSBf kernel fuzzer, I found a vulnerability (CVE-2016-2384) in the Linux kernel USB MIDI driver. I reproduced the bug with a Facedancer21 board and wrote an exploit to gain code execution within the kernel. My exploit requires user space cooperation, but the bug is exploitable externally provided one finds the right primitives.
The bug in the USB MIDI driver is a double-free of a
kmalloc-512object, which occurs when a malicious USB device is plugged in. The vulnerability is only present if the USB MIDI module is enabled, but this is the case for many modern distributions. The bug has been fixed in the mainline kernel by Takashi Iwai. CVE-2016-2384: Exploiting a double-free in the Linux kernel USB MIDI driver
Nickname: