From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: Heads up: Various Linux Kernel WiFi security issues (RCE/DOS) disclosed
Date: Mon, 17 Oct 2022 14:35:04 +0100
Message-ID: <8C2F909E-F0DC-4560-9C64-0AAD7269542F@ipfire.org>
In-Reply-To: <86c66ec4-9dd4-f505-41d4-9bd7a9d9fded@ipfire.org>

Hello Peter,

> On 15 Oct 2022, at 17:18, Peter Müller wrote:
>
> Hello development folks,
>
> in case you have not noticed already, there are reports on a series of memory-related
> security vulnerabilities in Linux' WiFi component, some with RCE potential, others "just"
> allowing an adversary in WiFi proximity to DoS the system.
>
> Please find more information here: https://www.openwall.com/lists/oss-security/2022/10/13/5
>
> IPFire is vulnerable to all of these except for CVE-2022-42722, which requires a P2P
> device to be set up on the victim system as a precondition for successful exploitation.
>
> Patches are available (so is PoC exploit code), and have been merged into Linux 5.15.74,
> released earlier today: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.74
>
> As for ready-to-use exploits, I have not seen anything arriving on exploit DB & friends,
> but I guess that is a matter of time. Given the vulnerabilities' characteristics, however,
> exploitation will likely be more of a wardriving style.
>
> While there is no reason to panic, I would like to ship these fixes rather soon. Briefly
> discussed this with Michael on the phone yesterday, and we both agree not to update the
> kernel that is currently in Core Update 171 (which is anticipated to be released next
> week).
>
> However, I was thinking about cherry-picking the relevant (14) commits from kernel
> 5.15.74, which would greatly buy us time for Core Update 172, have our users protected,
> and is less likely to cause collateral damage than shipping vanilla 5.15.74.

Yes, I believe that this is the way to go. Please send a patch :)

> Should there be no vetoes on this until Tuesday morning, I would go for this option. As
> always, any comments/critics/questions are greatly appreciated.
>
> All the best,
> Peter Müller

-Michael