Re: [PATCH] USB: disable all RNDIS protocol drivers

From: Kalle Valo
Date: Wed Nov 23 2022 - 10:21:54 EST


Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> writes:

> The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on
> any system that uses it with untrusted hosts or devices. Because the
> protocol is impossible to make secure, just disable all rndis drivers to
> prevent anyone from using them again.
>
> Windows only needed this for XP and newer systems, Windows systems older
> than that can use the normal USB class protocols instead, which do not
> have these problems.
>
> Android has had this disabled for many years so there should not be any
> real systems that still need this.
>
> Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
> Cc: Eric Dumazet <edumazet@xxxxxxxxxx>
> Cc: Jakub Kicinski <kuba@xxxxxxxxxx>
> Cc: Paolo Abeni <pabeni@xxxxxxxxxx>
> Cc: Kalle Valo <kvalo@xxxxxxxxxx>
> Cc: Oleksij Rempel <linux@xxxxxxxxxxxxxxxx>
> Cc: "Maciej Żenczykowski" <maze@xxxxxxxxxx>
> Cc: Neil Armstrong <neil.armstrong@xxxxxxxxxx>
> Cc: Mauro Carvalho Chehab <mchehab@xxxxxxxxxx>
> Cc: Andrzej Pietrasiewicz <andrzejtp2010@xxxxxxxxx>
> Cc: Jacopo Mondi <jacopo@xxxxxxxxxx>
> Cc: "Łukasz Stelmach" <l.stelmach@xxxxxxxxxxx>
> Cc: Laurent Pinchart <laurent.pinchart@xxxxxxxxxxxxxxxx>
> Cc: linux-usb@xxxxxxxxxxxxxxx
> Cc: netdev@xxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx
> Cc: linux-wireless@xxxxxxxxxxxxxxx
> Reported-by: Ilja Van Sprundel <ivansprundel@xxxxxxxxxxxx>
> Reported-by: Joseph Tartaro <joseph.tartaro@xxxxxxxxxxxx>
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> ---
> Note, I'll submit patches removing the individual drivers for later, but
> that is more complex as unwinding the interaction between the CDC
> networking and RNDIS drivers is tricky. For now, let's just disable all
> of this code as it is not secure.
>
> I can take this through the USB tree if the networking maintainers have
> no objection. I thought I had done this months ago, when the last round
> of "there are bugs in the protocol!" reports happened at the end of
> 2021, but forgot to do so, my fault.
>
> drivers/net/usb/Kconfig | 1 +
> drivers/net/wireless/Kconfig | 1 +

For wireless:

Acked-by: Kalle Valo <kvalo@xxxxxxxxxx>

Feel free to take this via your tree.

--
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches