Otto  background

WLAN Vulnerabilities Discovered in Linux Kernel

Connect With Us

Start now, and patch, configure, and control all your endpoints in just 15 minutes.

Linux Kernel WLAN Remote Code Execution Vulnerabilities

On October 13, security researcher Sönke Huster of TU-Darmstadt introduced a POC detailing several CVEs, including CVE-2022-42719 and CVE-2022-42720. Both are remote code execution (RCE) vulnerabilities in the Linux kernel WiFi stack present from 5.2-rc1 forward. Both are expected to score a CVSSv3 of 7.3, making these High-importance vulnerabilities. 

The vulnerabilities can be exploited over-the-air via malicious packets on untrusted wireless networks through a buffer overwrite within the Linux kernel’s mac80211 framework. Successful exploitation of an RCE vulnerability could lead to the attacker gaining access to an application or the system. This can allow the attacker to access and inject additional code or instructions into the underlying device’s commands or processes.

In all, five total CVEs were discovered during POC research and disclosed. These include:

  • CVE-2022-41674: Remote Code Execution, CVSSv3 7.3 High

  • CVE-2022-42719: Remote Code Execution, CVSSv3 7.3 High

  • CVE-2022-42720: Remote Code Execution, CVSSv3 7.3 High

  • CVE-2022-42721: Denial of Service, CVXXv3 5.7 Medium

  • CVE-2022-42722: Denial of Service, CVXXv3 5.5 Medium

Fixes for the vulnerabilities have been merged by Linus, but will take some time to trickle down to the various distros. 

These vulnerabilities are likely to be most impactful for Android devices and Linux Workstations (with definite impact on any servers that happen to use a WiFi adapter as well). 

Automox recommends evaluating your fleet to understand any potential exposure and applying patches to your Linux systems as they become available from the major distros over the coming hours/days. 


Dive deeper into this topic

loading...