[oss-security] Various Linux Kernel WLAN security issues (RCE/DOS) found
source link: https://lwn.net/ml/oss-security/[email protected]/
From: Marcus Meissner <meissner-AT-suse.de>
To: oss-security-AT-lists.openwall.com, shuster-AT-seemoo.tu-darmstadt.de
Subject: [oss-security] Various Linux Kernel WLAN security issues (RCE/DOS) found
Date: Thu, 13 Oct 2022 12:10:54 +0200
Message-ID: <[email protected]>

Hi folks,

Security Researcher Soenke Huster from TU Darmstadt ( [email protected] ) emailed SUSE with a buffer overwrite in the Linux Kernel mac80211 framework triggered by WLAN frames.

We delegated the issue to the kernel security folks, and Soenke and Johannes Berg from Intel evaluated and worked on this issue.

During their research they found multiple more problems in the WLAN stack, exploitable over the air.

The patchset has been posted to the netdev list just now and will be merged in the next hours/days:

https://lore.kernel.org/netdev/20221013100522.46346-1-joh...

I have requested 5 CVEs from Mitre, they are referenced in the commits. Note that some patches did not get CVEs, as these were not showing any relevant security impact but only warning messages or UBSAN shift overflow messages.

CVE-2022-41674: fix u8 overflow in cfg80211_update_notlisted_nontrans
    (max 256 byte overwrite) (RCE)
CVE-2022-42719: wifi: mac80211: fix MBSSID parsing use-after-free
    use after free condition (RCE)
CVE-2022-42720: wifi: cfg80211: fix BSS refcounting bugs
    ref counting use-after-free possibilities (RCE)
CVE-2022-42721: wifi: cfg80211: avoid nontransmitted BSS list corruption
    list corruption, according to Johannes will however just make it endless loop (DOS)
CVE-2022-42722: wifi: mac80211: fix crash in beacon protection for P2P-device
    NULL ptr dereference crash (DOS)

Soenke will post additional details as followup to this email.

Ciao, Marcus