From: Peter Müller
To: development@lists.ipfire.org
Subject: Heads up: Various Linux Kernel WiFi security issues (RCE/DOS) disclosed
Date: Sat, 15 Oct 2022 16:18:14 +0000
Message-ID: <86c66ec4-9dd4-f505-41d4-9bd7a9d9fded@ipfire.org>

Hello development folks,

in case you have not noticed already, there are reports on a series of memory-related
security vulnerabilities in Linux' WiFi component, some with RCE potential, others "just"
allowing an adversary in WiFi proximity to DoS the system.

Please find more information here: https://www.openwall.com/lists/oss-security/2022/10/13/5

IPFire is vulnerable to all of these except for CVE-2022-42722, which requires a P2P device
to be set up on the victim system as a precondition for successful exploitation.

Patches are available (so is PoC exploit code), and have been merged into Linux 5.15.74,
released earlier today: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.74

As for ready-to-use exploits, I have not seen anything arriving on exploit DB & friends,
but I guess that is a matter of time. Given the vulnerabilities' characteristics, however,
exploitation will likely be more of a wardriving style.

While there is no reason to panic, I would like to ship these fixes rather soon. Briefly
discussed this with Michael on the phone yesterday, and we both agree not to update the
kernel that is currently in Core Update 171 (which is anticipated to be released next week).

However, I was thinking about cherry-picking the relevant (14) commits from kernel 5.15.74,
which would greatly buy us time for Core Update 172, have our users protected, and is less
likely to cause collateral damage than shipping vanilla 5.15.74.

Should there be no vetoes on this until Tuesday morning, I would go for this option.

As always, any comments/critics/questions are greatly appreciated.

All the best,
Peter Müller