Hello Peter, > On 15 Oct 2022, at 17:18, Peter Müller wrote: > > Hello development folks, > > in case you have not noticed already, there are reports on a series of memory-related > security vulnerabilities in Linux' WiFi component, some with RCE potential, others "just" > allowing an adversary in WiFi proximity to DoS the system. > > Please find more information here: https://www.openwall.com/lists/oss-security/2022/10/13/5 > > IPFire is vulnerable to all of these except for CVE-2022-42722, which requires a P2P > device to be set up on the victim system as a precondition for successful exploitation. > > Patches are available (so is PoC exploit code), and have been merged into Linux 5.15.74, > released earlier today: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.74 > > As for ready-to-use exploits, I have not seen anything arriving on exploit DB & friends, > but I guess that is a matter of time. Given the vulnerabilities' characteristics, however, > exploitation will likely be more of a wardiving style. > > While there is no reason to panic, I would like to ship these fixes rather soon. Briefly > discussed this with Michael on the phone yesterday, and we both agree not to update the > kernel that is currently in Core Update 171 (which is anticipated to be released next > week). > > However, I was thinking about cherry-picking the relevant (14) commits from kernel > 5.15.74, which would greatly buy us time for Core Update 172, have our users protected, > and is less likely to cause collateral damage than shipping vanilla 5.15.74. Yes, I believe that this is the way to go. Please send a patch :) > Should there be no vetoes on this until Tuesday morning, I would go for this option. As > always, any comments/critics/questions are greatly appreciated. > > All the best, > Peter Müller -Michael