Attackers can use tampered WLAN packets to insert malicious code into a vulnerable Linux kernel. This pops up from an email from SUSE employee Marcus Meissner. So Sönke Huster of TU Darmstadt discovered one of the gaps.
According to Meissner, Intel employee Johannes Berg worked with Hoster to assess and fix the vulnerability. In doing so, they encountered more problems with the WLAN stack which could be abused “over the air”.
Proof of concept and spots
Sönke Huster provides more detailed explanations with prepared packages, crash logs and explanations of vulnerabilities in an additional email. A total of five vulnerabilities were compiled with their CVE entries. However, IT security experts still weigh its severity as CVSS.
|
CVE number |
Good heart |
short description |
|
CVE-2022-41674 |
RCE |
fix u8 overflow in cfg80211_update_notlisted_nontrans -> write limit 256 bytes |
|
CVE-2022-42719 |
RCE |
wifi: mac80211: fix MBSSID parsing for use after free use -> use after free status |
|
CVE-2022-42720 |
RCE |
wifi: cfg80211: fix BSS recalculation errors, reference count -> usability after use |
|
CVE-2022-42721 |
dos |
wifi: cfg80211: Avoid corrupting the unsent BSS list corruption list -> according to Johans, however it will make it an endless loop |
|
CVE-2022-42722 |
dos |
wifi: mac80211: fix crash in beacon protection for P2P -> NULL ptr dereference failure |
The developers sent patches to close security holes in the Linux kernel. According to Meissner, they should be introduced in the coming days. Huster states that some vulnerabilities have been introduced since kernel 5.1-rc1, and others only since version 5.2-rc1 of the operating system kernel.
Linux administrators who use and have WLAN activated should use the distribution’s package manager to quickly find and install available kernel updates. Recently, some components of the nftables firewall were responsible for vulnerabilities in the Linux kernel that could have allowed attackers to escalate their privileges.
(DMK)
