The University of Florida Department of Electrical and Computer Engineering FICS Research Assistant Professor Dr. Yavuz has detected a double-free and use-after-free vulnerability in a Linux USB driver, usbtv driver, using a new static analysis tool MOXCAFE that was developed in her Systems Reliability Lab. The vulnerability has been reported to MITRE and has been identified as CVE-2017-17975. This vulnerability allows physically proximate attackers to execute arbitrary code in cooperation with a locally running malicious code. The vulnerable driver is used for audio-video grabber devices. A patch has been submitted to the Linux security team.
MOXCAFE is a novel static analysis tool for detecting deep vulnerabilities that involve implicit callbacks. Callback mechanism is utilized extensively in large frameworks such as operating system kernels to achieve extensibility. However, callback mechanism introduces implicit control-flow dependencies that make program comprehension and analysis difficult. Unfortunately, precise program analysis techniques do not scale for applications such as device drivers that are developed for large frameworks.
MOXCAFE uses a staged approach to the analysis of interactions between an application module and rest of the framework. It uses a light-weight static analysis on a given application module and the framework modules it depends on to extract implicit control-flow dependencies. Specifically, it extends the basic call graph of the application module with implicit edges to guide a more precise and expensive inter-procedural analysis on the application module. MOXCAFE has been implemented using the LLVM static analysis framework and has been applied to a variety of Linux USB device drivers including the usbtv driver. This discovery demonstrates great advancement for project members Dr. Tuba Yavuz and undergraduate researcher Cody Lent.