Linux Gets Patched For WiFi Vulnerabilities That Can Be Exploited By Malicious Packets

A set of Linux kernel WiFi stack security issues were made public today. The Linux 6.1 Git kernel has now merged fixes for these vulnerabilities while the fixes also work their way to being back-ported to existing stable series.

A security researcher from TU Darmstadt reported an issue to SUSE around a buffer overwrite within the Linux kernel's mac80211 framework triggered by WLAN frames. While investigating with Intel, they found several more problems. Making these WiFi security issues more problematic is that they can be exploited over-the-air via malicious packets on untrusted wireless networks.

The set of five CVEs made public today are:

CVE-2022-41674: fix u8 overflow in cfg80211_update_notlisted_nontrans (max 256 byte overwrite) (RCE)
CVE-2022-42719: wifi: mac80211: fix MBSSID parsing use-after-free use after free condition (RCE)
CVE-2022-42720: wifi: cfg80211: fix BSS refcounting bugs ref counting use-after-free possibilities (RCE)
CVE-2022-42721: wifi: cfg80211: avoid nontransmitted BSS list corruption list corruption, according to Johannes will however just make it endless loop (DOS)
CVE-2022-42722: wifi: mac80211: fix crash in beacon protection for P2P-device NULL ptr dereference crash (DOS)

More details on the security issue via the oss-sec list.

Linus Torvalds picked up the WiFi security fixes via more networking updates for the Linux 6.1 merge window. The patches are now working their way to currently supported Linux stable series and in turn should be picked up in those next rounds of point releases over the coming days.