
Some remotely exploitable kernel WiFi vulnerabilities

It would appear that there is a set of memory-related vulnerabilities in the kernel's WiFi stack that can be exploited over the air via malicious packets; five CVE numbers have been assigned to the set. Fixes are headed toward the mainline and should show up in stable updates before too long; anybody who uses WiFi on untrusted networks should probably keep an eye out for the relevant updates.


Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 13, 2022 15:48 UTC (Thu) by fmyhr (subscriber, #14803) [Link]

"...anybody who uses WiFi on untrusted networks..."
More tongue-in-cheek humor from our esteemed -- albeit often grumpy -- editor?

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 13, 2022 16:11 UTC (Thu) by johill (subscriber, #25196) [Link] (10 responses)

> anybody who uses WiFi on untrusted networks

It's actually worse than that - you just have to be scanning (though one of the issues requires P2P functionality to be enabled).

So basically it's just

> anybody who uses WiFi

unfortunately.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 13, 2022 17:04 UTC (Thu) by walters (subscriber, #7396) [Link] (9 responses)

Ugh =/

Has anyone posted an analysis of how old the bugs are? I'm assuming the flaws aren't that new, and that likely means there's a *lot* of potentially vulnerable IoT and other Linux devices out there.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 13, 2022 17:25 UTC (Thu) by cesarb (subscriber, #6266) [Link]

Taking a quick look (the last commit in the series is https://git.kernel.org/pub/scm/linux/kernel/git/wireless/... and you can follow the "parent" links for the rest) and looking at the Fixes: lines for them, it seems the commits being fixed are from the first quarter of 2019. So yeah, unfortunately old enough.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 13, 2022 17:47 UTC (Thu) by eknoes (guest, #158833) [Link]

Sorry, it took me longer than expected but I just posted PoCs + logs here:
https://www.openwall.com/lists/oss-security/2022/10/13/5

Most of the vulnerabilities were introduced in 5.1/5.2.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 14, 2022 0:47 UTC (Fri) by NYKevin (subscriber, #129325) [Link] (3 responses)

It's going to be fun watching all of the Android OEMs who never update anything try to get their shit together for this.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 14, 2022 6:36 UTC (Fri) by lkundrak (subscriber, #43452) [Link]

No, they're just going to ignore it.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 15, 2022 9:20 UTC (Sat) by fabiop (guest, #24661) [Link] (1 response)

Most of them still use older than 5.x kernels...

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 16, 2022 16:00 UTC (Sun) by flussence (guest, #85566) [Link]

Cursed/blessed with 3.0.x on mine!

…it's everyone else who uses the same network I have to worry about, but that was already a disaster area.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 14, 2022 6:44 UTC (Fri) by pabs (subscriber, #43278) [Link] (2 responses)

Excellent! This should help with installing libre distros on non-GPL-compliant devices. Of course there are lots of other Linux kernel and firmware exploits for that too.

https://wiki.debian.org/Exploits

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 14, 2022 19:06 UTC (Fri) by lindi (subscriber, #53135) [Link] (1 response)

Have any exploits actually been released for these vulnerabilities yet?

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 15, 2022 6:21 UTC (Sat) by pabs (subscriber, #43278) [Link]

There are no public fully weaponised exploits yet, but there are proofs of concept posted in the oss-sec thread and linked in the comment above.

https://lwn.net/Articles/911080/
https://www.openwall.com/lists/oss-security/2022/10/13/5

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 13, 2022 17:30 UTC (Thu) by pallas (guest, #128204) [Link]

I found a bug like this in MacOS years ago, where the device would get into a reboot loop and couldn’t even make it to recovery mode due to parsing a particular WiFi probe response, but I had to go through a backchannel due to my employer. Apple security stonewalled me so I just kept checking to see if a new release fixed the issue and four years later it finally did.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 14, 2022 11:10 UTC (Fri) by MattBBaker (guest, #28651) [Link] (2 responses)

But no one is asking the important questions here, "Does the exploit have a brand name and a web page?"

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 14, 2022 11:15 UTC (Fri) by johill (subscriber, #25196) [Link]

I asked, they didn't want one ;-)

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 14, 2022 13:55 UTC (Fri) by dveeden (subscriber, #120424) [Link]

Here it is called Beacown: https://github.com/PurpleVsGreen/beacown

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 15, 2022 14:56 UTC (Sat) by scientes (guest, #83068) [Link] (4 responses)

When GitHub had that man trying to tell them that they were arrogant pricks, in dire need of Microsoft coming in and socializing them (aside from all the demonization, Microsoft *does* know how to socialize the same geek-to-stud feeling that Vladimir Putin wanted to share with me), he eventually had to create a comment dated in the past, and then GitHub got scared and had a backlash, thinking it a sacred service from God to kill the messenger.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 15, 2022 15:22 UTC (Sat) by scientes (guest, #83068) [Link] (3 responses)

I still remember my first java phone.[1] Deep in the menus I found the GPS app, which is not very useful without maps. As Vladimir Putin says through his friends in the Russian Arctic (and he just reminded me of this on the train from Vladivostok—and I shared with him how Amy Lawson invited a woman who studied on the island in the Arctic of Alaska, with the same spirit as he is inspiring in the parks of Moscow), "Libya, boring—Oh, there I am!"

[1] And you sent me that competent JavaSoft guy in San Francisco. In the current code I am working on I avoided the "synronization points" warning of clang, which he taught me, but it is really a stupid rule of the C11 spec, draft n1570.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 16, 2022 2:19 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link] (2 responses)

Are you a test of an AI text generator?

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 16, 2022 6:19 UTC (Sun) by oldtomas (guest, #72579) [Link]

For once I have to agree with you :-)

But then I found this gem: "synronization points". Quotes and all.

An internet search with my favourite search engine turned up empty (it was not easy to convince the thing that I was looking for that and that they not correct the typo). To be thorough, the term "synronization", not in the above context, /can/ be found, so with the right sloppy word embedding model...

It would still be a sleazy AI introducing a typo that can't be found in the intertubes.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 17, 2022 7:18 UTC (Mon) by eduperez (guest, #11232) [Link]

Perhaps a test for an AI natural language processor? Some AI smarter than me, I guess...

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 16, 2022 1:56 UTC (Sun) by scientes (guest, #83068) [Link]

Looking at these patches, I do not think Genode is affected, as the main piece of kernel code they took is the entirety of the iwlwifi driver (and I bought that card and switched to it, because it was the only piece on my Lenovo laptop that didn't match the reference laptop).

OpenWrt: security advisory and new releases

Posted Oct 19, 2022 15:50 UTC (Wed) by xose (subscriber, #535) [Link]

Security Advisory 2022-10-17-1 - Multiple issues in mac80211 and cfg80211 (CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721 and CVE-2022-42722)
OpenWrt 21.02.5 fifth service release
OpenWrt 22.03.2 second service release

Copyright © 2022, Eklektix, Inc.