usbmuxd Path Traversal Vulnerability

MEDIUM (5.7) No Patch (4 days)

Threat Intelligence

Low Risk
EPSS Score: 0.01% chance of exploitation (percentile: 2%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

usbmuxd is a Linux-based USB multiplexing service used to manage and control USB devices. It's responsible for handling device enumeration, data transfer, and other USB-related tasks. This vulnerability allows local users to escalate their privileges by manipulating the USB device hierarchy.

Am I affected?

You're affected if you use A Path Traversal vulnerability. Affected versions: 3. If you don't recognise this software, you're probably not affected.

Affected Products

Linux Kernel Team / usbmuxd

How to fix

To fix this vulnerability, upgrade to usbmuxd version 3ded00c9985a5108cfc7591a309f9a23d57a8cba or later. You can download the latest version from the official Linux kernel repository: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Immediate mitigations:

  • Restrict access to the usbmuxd service using SELinux or AppArmor policies.
  • Monitor system logs for suspicious USB device activity.
