Some remotely exploitable kernel WiFi vulnerabilities

source link: https://lwn.net/Articles/911062/

[Posted October 13, 2022 by corbet]
It would appear that there is a set of memory-related vulnerabilities in the kernel's WiFi stack that can be exploited over the air via malicious packets; five CVE numbers have been assigned to the set. Fixes are headed toward the mainline and should show up in stable updates before too long; anybody who uses WiFi on untrusted networks should probably keep an eye out for the relevant updates.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 13, 2022 15:48 UTC (Thu) by fmyhr (subscriber, #14803) [Link]

"...anybody who uses WiFi on untrusted networks..."
More tongue-in-cheek humor from our esteemed -- albeit often grumpy -- editor?

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 13, 2022 16:11 UTC (Thu) by johill (subscriber, #25196) [Link]

> anybody who uses WiFi on untrusted networks

It's actually worse than that - you just have to be scanning (though one of the issues requires P2P functionality to be enabled).

So basically it's just

> anybody who uses WiFi

unfortunately.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 13, 2022 17:04 UTC (Thu) by walters (subscriber, #7396) [Link]

Ugh =/

Has anyone posted an analysis of how old the bugs are? I'm assuming the flaws aren't that new, and that likely means there's a *lot* of potentially vulnerable IoT and other Linux devices out there.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 13, 2022 17:25 UTC (Thu) by cesarb (subscriber, #6266) [Link]

Doing a quick look (the last commit in the series is https://git.kernel.org/pub/scm/linux/kernel/git/wireless/... and you can follow the "parent" links for the rest), and looking at the Fixes: lines for them, it seems the commits being fixed are from the first quarter of 2019. So yeah, unfortunately old enough.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 13, 2022 17:47 UTC (Thu) by eknoes (subscriber, #158833) [Link]

Sorry, it took me longer than expected but I just posted PoCs + logs here:
https://www.openwall.com/lists/oss-security/2022/10/13/5

Most of the vulnerabilities were introduced in 5.1/5.2.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 14, 2022 0:47 UTC (Fri) by NYKevin (subscriber, #129325) [Link]

It's going to be fun watching all of the Android OEMs who never update anything try to get their shit together for this.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 14, 2022 6:36 UTC (Fri) by lkundrak (subscriber, #43452) [Link]

No, they're just going to ignore it.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 14, 2022 6:44 UTC (Fri) by pabs (subscriber, #43278) [Link]

Excellent! This should help with installing libre distros on non-GPL-compliant devices. Of course there are lots of other Linux kernel and firmware exploits for that too.

https://wiki.debian.org/Exploits

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 13, 2022 17:30 UTC (Thu) by pallas (subscriber, #128204) [Link]

I found a bug like this in MacOS years ago, where the device would get into a reboot loop and couldn’t even make it to recovery mode due to parsing a particular WiFi probe response, but I had to go through a backchannel due to my employer. Apple security stonewalled me so I just kept checking to see if a new release fixed the issue and four years later it finally did.

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 14, 2022 11:10 UTC (Fri) by MattBBaker (subscriber, #28651) [Link]

But no one is asking the important questions here, "Does the exploit have a brand name and a web page?"

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 14, 2022 11:15 UTC (Fri) by johill (subscriber, #25196) [Link]

I asked, they didn't want one ;-)

Some remotely exploitable kernel WiFi vulnerabilities

Posted Oct 14, 2022 13:55 UTC (Fri) by dveeden (subscriber, #120424) [Link]

Here it is called Beacown: https://github.com/PurpleVsGreen/beacown
