Linux Kernel WLAN Remote Code Execution Vulnerabilities
On October 13, security researcher Sönke Huster of TU-Darmstadt released a proof of concept (PoC) detailing several CVEs, including CVE-2022-42719 and CVE-2022-42720. Both are remote code execution (RCE) vulnerabilities in the Linux kernel WiFi stack, present from 5.2-rc1 forward. Both are expected to score a CVSSv3 of 7.3, making these High-importance vulnerabilities.
The vulnerabilities can be exploited over-the-air via malicious packets on untrusted wireless networks through a buffer overwrite within the Linux kernel’s mac80211 framework. Successful exploitation of an RCE vulnerability could lead to the attacker gaining access to an application or the system. This can allow the attacker to access and inject additional code or instructions into the underlying device’s commands or processes.
In all, five CVEs were discovered during the PoC research and disclosed. These include:
CVE-2022-41674: Remote Code Execution, CVSSv3 7.3 High
CVE-2022-42719: Remote Code Execution, CVSSv3 7.3 High
CVE-2022-42720: Remote Code Execution, CVSSv3 7.3 High
CVE-2022-42721: Denial of Service, CVSSv3 5.7 Medium
CVE-2022-42722: Denial of Service, CVSSv3 5.5 Medium
Fixes for the vulnerabilities have been merged by Linus, but will take some time to trickle down to the various distros.
These vulnerabilities are likely to be most impactful for Android devices and Linux Workstations (with definite impact on any servers that happen to use a WiFi adapter as well).
Automox recommends evaluating your fleet to understand any potential exposure and applying patches to your Linux systems as they become available from the major distros over the coming hours/days.
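One way to start that fleet evaluation is the added example below, which is not Automox tooling or code from the original advisory. This POSIX shell script reports whether a host runs a kernel in the range stated above (5.2 or later) and has any 802.11 interface. The function names and status words are hypothetical, and any Wi-Fi interface is treated as a conservative proxy for mac80211 use.

```shell
#!/bin/sh
# Added example: classify a host against the exposure conditions in this advisory.
# Assumptions: 5.2 is the lower bound (page: "5.2-rc1 forward"); no fixed version is
# assumed, since the page gives none and distro kernels carry backported fixes.

# Exit 0 if the release string is 5.2 or later, 1 if older, 2 if unparseable.
kernel_in_affected_range() {
    rel=$1
    case "$rel" in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%[!0-9]*}      # "15.0-50-generic" -> "15", "2-rc1" -> "2"
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 2 ]; }
}

# Print the 802.11 interfaces found under a sysfs net directory.
wifi_interfaces() {
    root=${1:-/sys/class/net}
    for dev in "$root"/*; do
        # 802.11 netdevs expose a phy80211 link (cfg80211) and/or a wireless/ dir.
        if [ -e "$dev/phy80211" ] || [ -d "$dev/wireless" ]; then
            printf '%s\n' "${dev##*/}"
        fi
    done
}

# Print one status word for a kernel release and sysfs net directory.
exposure_status() {
    rc=0
    kernel_in_affected_range "$1" || rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "kernel-unparsed"
    elif [ "$rc" -eq 1 ]; then
        echo "kernel-not-in-range"
    elif [ -z "$(wifi_interfaces "${2:-/sys/class/net}")" ]; then
        echo "in-range-no-wifi-interface"
    else
        # Version alone cannot confirm a fix: check the distro advisory or changelog.
        echo "in-range-wifi-present"
    fi
}

# Classify the local host.
printf '%s kernel=%s\n' "$(exposure_status "$(uname -r)")" "$(uname -r)"
```

Hosts reporting `in-range-wifi-present` are the ones to prioritize once your distro publishes patched kernel packages.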