Linux kernel receives patches for serious Wi-Fi vulnerabilities
These bugs may be exploited over-the-air via malicious packets on untrusted wireless networks, making them a significant threat
Linux has received patches for five Wi-Fi vulnerabilities that were found in the kernel and could have been exploited by malicious actors to leak internal data or crash a vulnerable system.
The patches have been included in a new stable kernel, 5.10.148, released by stable kernel maintainer Greg Kroah-Hartman.
The issues are also addressed in the upcoming Linux kernel 6.1 by Linux creator Linus Torvalds.
Security researcher Soenke Huster from Germany's Technical University of Darmstadt initially discovered one security hole and alerted top European Linux distributor SUSE about it. The vulnerability was a buffer overwrite issue in the Linux Kernel mac80211 framework, which could be remotely exploited by misusing WLAN frames.
Soenke and Johannes Berg of Intel were given the task of patching the vulnerability, according to a mailing list post by SUSE's Marcus Meissner.
During their investigation, Soenke and Berg uncovered four more Wi-Fi security issues which could be exploited by an attacker over a Wi-Fi network connection. While three of the five flaws could lead to remote code execution (RCE), the other two vulnerabilities could be used to cause a denial-of-service (DoS) attack.
The fact that these Wi-Fi bugs may be exploited over-the-air via malicious packets on untrusted wireless networks makes them a bigger threat.
These five security issues are tracked as:
- CVE-2022-41674: wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans (max 256 byte overwrite); RCE. Red Hat reports that this buffer overflow bug could enable an attacker to leak internal kernel data or crash the system.
- CVE-2022-42719: wifi: mac80211: fix MBSSID parsing use-after-free; RCE.
- CVE-2022-42720: wifi: cfg80211: fix BSS refcounting bugs (use-after-free possibilities); RCE.
- CVE-2022-42721: wifi: cfg80211: avoid nontransmitted BSS list corruption (leads to an endless loop); DoS.
- CVE-2022-42722: wifi: mac80211: fix crash in beacon protection for P2P-device (NULL pointer dereference); DoS.
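As an added illustration of the bug class named for CVE-2022-41674, a u8 length overflow (this is a constructed example, not the kernel's cfg80211 code): when the lengths of several information elements are summed into a u8, the total wraps modulo 256, so any copy sized from that total is too small; the hardened version accumulates in size_t and refuses a copy that would not fit. The function names, the 0xDD vendor element id and the 150-byte sample elements are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example: elements laid out as id(1) | len(1) | data(len), as in 802.11
 * frames. One element length fits a u8; the SUM of several element lengths does not. */

/* Vulnerable pattern: the running total is a u8 and silently wraps modulo 256. */
uint8_t total_payload_u8(const uint8_t *ies, size_t ies_len)
{
    uint8_t total = 0;
    for (size_t pos = 0; pos + 2 <= ies_len && pos + 2 + ies[pos + 1] <= ies_len;
         pos += 2 + ies[pos + 1])
        total += ies[pos + 1];          /* 150 + 150 yields 44 here, not 300 */
    return total;
}

/* Hardened pattern: size the copy from a size_t total computed over the same walk.
 * Returns bytes written into out, or -1 when the true total exceeds out_cap. */
int copy_payloads_safe(const uint8_t *ies, size_t ies_len, uint8_t *out, size_t out_cap)
{
    size_t need = 0, w = 0;
    for (size_t pos = 0; pos + 2 <= ies_len && pos + 2 + ies[pos + 1] <= ies_len;
         pos += 2 + ies[pos + 1])
        need += ies[pos + 1];
    if (need > out_cap)
        return -1;                      /* refuse instead of writing past out */
    for (size_t pos = 0; pos + 2 <= ies_len && pos + 2 + ies[pos + 1] <= ies_len;
         pos += 2 + ies[pos + 1]) {
        memcpy(out + w, ies + pos + 2, ies[pos + 1]);
        w += ies[pos + 1];
    }
    return (int)w;
}

/* Constructed input: two vendor-specific elements (id 0xDD) with 150 payload bytes
 * each, 304 bytes in total, returned from a static buffer so callers need no setup. */
#define SAMPLE_LEN 304
uint8_t scratch_out[512];               /* destination buffer for the checks */
const uint8_t *sample_ies(void)
{
    static uint8_t buf[SAMPLE_LEN];
    for (size_t pos = 0; pos < SAMPLE_LEN; pos += 152) {
        buf[pos] = 0xDD;
        buf[pos + 1] = 150;
        memset(buf + pos + 2, 0x41, 150);
    }
    return buf;
}
```

A 256-byte destination is exactly the case the u8 total would have mis-sized: the wrapped total of 44 looks like it fits, while the real 300 bytes do not.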
Most of these flaws were introduced into Linux during the first quarter of 2019. As a result, they were included in the Linux 5.1 and 5.2 kernels, meaning that any Linux distribution running those or later unpatched kernels is open to attacks via these weaknesses.
For instance, both Red Hat Enterprise Linux (RHEL) 8 and 9 were affected.
But the good news is that the patches have arrived. On October 13th, they were pushed out to the stable kernels.
The just-released 5.10.148 Linux kernel is the newest and safest version.
Linus Torvalds has also addressed the issues in the next Linux kernel 6.1.
This is not the first time that security weaknesses have been fixed in the Linux kernel.
In June, the US Cybersecurity and Infrastructure Security Agency (CISA) added a Linux security vulnerability called PwnKit to its Known Exploited Vulnerabilities (KEV) catalogue and warned that the flaw had been actively exploited in attacks.
The PwnKit bug, tracked as CVE-2021-4034, was discovered by Qualys researchers in January 2022.
The vulnerability enabled attackers to gain full root privileges on the system if they had access to a regular user account without admin privileges.
In March, a researcher disclosed details of the 'Dirty Pipe' vulnerability in the Linux kernel, which an attacker could take advantage of to write any data into an arbitrary file and elevate privileges as a result.