Changing the Colors of Your Keyboard Might Lead to Privilege Escalation

Explore the unexpected security implications of gaming peripherals in this 35-minute conference talk from nullcon. Delve into the research process of analyzing Razer's Linux kernel module, uncovering multiple 0-day vulnerabilities (CVE-2022-29021, CVE-2022-29022, CVE-2022-29023) that are surprisingly influenced by RGB color settings. Witness a live demonstration of exploiting these bugs and their impact on the kernel. Examine modern kernel mitigation techniques that reduce the severity of buffer overflow vulnerabilities, tracing their implementation history with examples. Gain insights into the future landscape of Linux kernel bug hunting from both developer and attacker perspectives, highlighting the often-overlooked security considerations of peripheral device software.