Linux received fixes for five Wi-Fi vulnerabilities found in the kernel that could have been used by malicious actors to leak internal data or crash a vulnerable system.
Patches are included in a new stable kernel, 5.10.148, released by stable kernel maintainer Greg Kroah-Hartman.
The issues are also addressed in the upcoming Linux kernel 6.1 by Linux creator Linus Torvalds.
Security researcher Soenke Huster of Germany’s Technical University of Darmstadt initially discovered a security hole and alerted top European Linux distributor SUSE about it. The vulnerability was a buffer overwrite issue in the Linux kernel's mac80211 framework that could be exploited remotely through WLAN frames.
Soenke and Intel’s Johannes Berg were tasked with patching the vulnerability, according to a mailing list post by Marcus Meissner of SUSE.
During their investigation, Soenke and Berg discovered four more Wi-Fi security issues that could be exploited by an attacker over a Wi-Fi network connection. While three of the five vulnerabilities could lead to remote code execution (RCE), the other two vulnerabilities could be used to cause a denial of service (DoS) attack.
The fact that these Wi-Fi bugs can be exploited over the air via malicious packets on untrusted wireless networks makes them more of a threat.
These five security issues are being tracked as:
- CVE-2022-41674: fix u8 overflow in cfg80211_update_notlisted_nontrans (max 256 byte overwrite); (RCE). Red Hat reports that this buffer overflow bug could allow an attacker to leak internal kernel data or crash the system.
- CVE-2022-42719: wifi: mac80211: fix MBSSID parsing use-after-free; (RCE).
- CVE-2022-42720: wifi: cfg80211: fix BSS refcounting bugs (refcounting use-after-free); (RCE).
- CVE-2022-42721: wifi: cfg80211: avoid nontransmitted BSS list corruption (leads to infinite loop); (DoS).
- CVE-2022-42722: wifi: mac80211: fix crash in beacon protection for P2P-device (NULL pointer dereference crash); (DoS).
Most of these vulnerabilities were added to Linux in the first quarter of 2019. As a result, they were included in the Linux 5.1 and 5.2 kernels, meaning that any Linux distribution you currently use is open to attack through these weaknesses.
For example, both Red Hat Enterprise Linux (RHEL) 8 and 9 were vulnerable.
But the good news is that the patches have arrived. On October 13, they were pushed to the stable kernels.
The just released 5.10.148 Linux kernel is the latest and safest version.
Linus Torvalds also addressed the issues in the next Linux kernel 6.1.
This is not the first time security weaknesses have been patched in the Linux kernel.
In June, the US Cybersecurity and Infrastructure Security Agency (CISA) added a Linux security vulnerability called PwnKit to its Known Exploited Vulnerabilities (KEV) catalog and warned that the flaw had been actively exploited in attacks.
The PwnKit bug, tracked as CVE-2021-4034, was discovered by Qualys researchers in January 2022.
The vulnerability allowed attackers to gain full root rights on the system if they had access to a regular user account without administrative rights.
In March, a researcher disclosed details of a “Dirty Pipe” vulnerability in the Linux kernel that an attacker could exploit to write any data to an arbitrary file and elevate privileges as a result.
https://www.computing.co.uk/news/4058305/linux-kernel-receives-patches-wi-vulnerabilities