On 26/07/2023 11:24, Alexander Ploumistos wrote:
What Dominik wrote would apply e.g. for an NVMe replacement drive from Kingston or Samsung (proprietary hardware too, it's a shocker).
None of my 5 Samsung SSDs are supported (3 NVMe and 2 SATA). But they can be updated from MS Windows.
I guess only built-in Samsung OEM drives can be updated with fwupd.
And thanks to fwupd and Logitech's embracing it, we had the fix in a very short time.
It has only been partially fixed. A complete fix would require replacing all existing hardware:
Mengs says this vulnerability exists due to an incomplete fix for CVE-2016-10761, one of the infamous MouseJack vulnerabilities, and that Logitech has no plans on patching this new attack variation.