Wireless Issue in Linux Reported
-
Various Linux Kernel WLAN security issues (RCE/DOS) found
-
[oss-security] Various Linux Kernel WLAN security issues (RCE/DOS) found
Security Researcher Soenke Huster from Tu Darmstadt ( shuster@seemoo.tu-darmstadt.de ) emailed SUSE with a buffer overwrite in the Linux Kernel mac80211 framework triggered by WLAN frames.
We delegated the issue to the kernel security folks, and Soenke and Johannes Berg from Intel evaluated and worked on this issue.
During their research they found multiple more problems in the WLAN stack, exploitable over the air. -
Some remotely exploitable kernel WiFi vulnerabilities [LWN.net]
It would appear that there is a set of memory-related vulnerabilities in the kernel's WiFi stack that can be exploited over the air via malicious packets; five CVE numbers have been assigned to the set. Fixes are headed toward the mainline and should show up in stable updates before too long; anybody who uses WiFi on untrusted networks should probably keep an eye out for the relevant updates.