Some remotely exploitable Linux kernel WiFi vulnerabilities

  • Can we please stop running network drivers and network stacks in kernel mode by default? It's 2022 and we've got more than enough compute power nowadays that the performance hit for running these in user-land is negligible for most use cases. Smartphone, tablet or laptop users usually do not need the level of performance that requires running that stuff in the kernel when browsing the web.

    I get that there are some use cases where performance really matters to the point where kernel network stack and drivers make a difference (high-throughput and/or low-latency services running on servers, high-performance routers...), but that should not be the default for everyone.

  • Could someone more knowledgeable than me comment on whether this is as bad as it looks?

    As I understood the issues, this will probably be lots of "fun". You can broadcast the pcap files with any monitor-mode-capable WiFi router. Luckily it's 5.1+, so most devices run very old vendor-patched kernels and are probably not affected, but at least for causing havoc this is really bad. As one issue uses beacon frames, just a scan for networks should be enough for a crash. So you can at least crash, and maybe exploit, any device running a recent Linux that scans for WiFi networks.

    I'm not sure how it's possible to do over the air remote code execution but I guess people are working on this.

  • Looks like these are all in mac80211. I'm not 100% familiar with the intimate details of 802.11 but I have read the relevant parts of the standard, at least enough to RE some drivers, and a lot of things were clearly designed to be fixed and of a definite size so as to be implementable on a highly constrained embedded environment, so to see things like use-after-frees appear is a little disappointing.

  • Fortunately, on Qubes OS, only the networking VM can be exploited like this, and it will be clean again after its reboot.

  • FYI: fixes are now in the OpenWrt master, 21.x and 22.x branches. New bin files will be posted soon, or you can build from git.

  • Stupid question, but how come this has not been embargoed?

    Seems like a pretty major vulnerability that affects tons of devices.

  • Seems like most of these got introduced in 5.1/5.2/5.8 and fixed in 5.19.14.

  • Guess it's gonna be easier than ever to root one's Android phone.

  • > The 6.0.2, 5.19.16, 5.15.74, 5.10.148, and 5.4.218 stable kernel updates have all been released. Among other things, these updates contain the fixes for the recently disclosed WiFi vulnerabilities. ~~ LWN.net
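    A quick way to check a host against the stable releases quoted above. This is an added example, not code from the thread or from LWN; it assumes the five versions listed are the first patched release on each stable branch, that kernels before 5.1 are unaffected (as stated elsewhere in this thread), and that later mainline branches carry the fix. The vendor-kernel detection is a heuristic, because Debian/Ubuntu-style releases zero the upstream patch level and ship fixes as backports.

```python
import re

# First patched release per stable branch, taken from the LWN quote above
# (constructed lookup table for this example).
FIXED_BY_BRANCH = {
    (6, 0): (6, 0, 2),
    (5, 19): (5, 19, 16),
    (5, 15): (5, 15, 74),
    (5, 10): (5, 10, 148),
    (5, 4): (5, 4, 218),
}
FIRST_AFFECTED_BRANCH = (5, 1)   # thread: the bugs entered the tree from 5.1 on
NEWEST_LISTED_BRANCH = max(FIXED_BY_BRANCH)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_release(release):
    """Split a `uname -r` string into ((major, minor, patch), suffix)."""
    m = _VERSION_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0)), suffix


def assess(release):
    """Classify a kernel release string against the fixed stable versions.

    Returns 'unaffected', 'patched', 'vulnerable', 'distro-backport'
    (vendor kernel whose patch level is not comparable; check its changelog)
    or 'eol-branch' (no listed fix for that branch; treat as vulnerable).
    """
    version, suffix = parse_release(release)
    branch = version[:2]
    if branch < FIRST_AFFECTED_BRANCH:
        return "unaffected"
    # Heuristic: "5.15.0-52-generic" style releases zero the upstream patch
    # number and get fixes by backport, so the number alone proves nothing.
    if version[2] == 0 and "-" in suffix and not suffix.startswith("-rc"):
        return "distro-backport"
    if branch > NEWEST_LISTED_BRANCH:
        return "patched"   # assumption: newer mainline releases include the fix
    fixed = FIXED_BY_BRANCH.get(branch)
    if fixed is None:
        return "eol-branch"
    return "patched" if version >= fixed else "vulnerable"


if __name__ == "__main__":
    import os
    rel = os.uname().release
    print(f"{rel}: {assess(rel)}")
```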

  • Nice. Just in time for a long weekend on public WiFi with my Linux laptop.

  • Much better link:

    https://github.com/PurpleVsGreen/beacown

  • > anybody who uses WiFi on untrusted networks

    So is this for public/open WiFi networks only? Or is it for any wireless network where you do not control the gateway?

  • Hmm does anyone know if there is a site/community/service that keeps track of backports fixing CVEs for different Linux distros?

  • Eh, it didn't get a cutesy name like BadWiFi, won't be that bad /s

  • Weekly news of a memory-related CVE.

    Keep using unsafe langs.

    What will there be next week? A CVE in Chromium?

    At this point betting sites should add a category for that kind of game.

    I do wonder what people of the future will think about this:

    "So they had research indicating that a lot of issues were related to memory, had technology which significantly reduces this issue, but they still kept making this mess for years?"

    https://msrc-blog.microsoft.com/2019/07/22/why-rust-for-safe...

    https://microsoftedge.github.io/edgevr/posts/Super-Duper-Sec...

    https://www.chromium.org/Home/chromium-security/memory-safet...

    Memory issues and JIT (browsers) are two things that are responsible for a disgusting amount of security issues.