Hello Peter,
> On 15 Oct 2022, at 17:18, Peter Müller peter.mueller@ipfire.org wrote:
>
> Hello development folks,
>
> in case you have not noticed already, there are reports on a series of memory-related security vulnerabilities in Linux' WiFi component, some with RCE potential, others "just" allowing an adversary in WiFi proximity to DoS the system.
>
> Please find more information here: https://www.openwall.com/lists/oss-security/2022/10/13/5
>
> IPFire is vulnerable to all of these except for CVE-2022-42722, which requires a P2P device to be set up on the victim system as a precondition for successful exploitation.
>
> Patches are available (so is PoC exploit code), and have been merged into Linux 5.15.74, released earlier today: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.74
>
> As for ready-to-use exploits, I have not seen anything arriving on exploit DB & friends, but I guess that is a matter of time. Given the vulnerabilities' characteristics, however, exploitation will likely be more of a wardriving style.
>
> While there is no reason to panic, I would like to ship these fixes rather soon. Briefly discussed this with Michael on the phone yesterday, and we both agree not to update the kernel that is currently in Core Update 171 (which is anticipated to be released next week).
>
> However, I was thinking about cherry-picking the relevant (14) commits from kernel 5.15.74, which would greatly buy us time for Core Update 172, have our users protected, and is less likely to cause collateral damage than shipping vanilla 5.15.74.
Yes, I believe that this is the way to go.
Please send a patch :)
> Should there be no vetoes on this by Tuesday morning, I would go for this option. As always, any comments/criticism/questions are greatly appreciated.
>
> All the best, Peter Müller
-Michael