- A security researcher recently found a buffer overflow in the mac80211 WiFi stack of the Linux kernel.
- A follow-up investigation with Intel turned up additional WiFi vulnerabilities; attackers within radio range who can inject WLAN frames can use them for RCE and DoS attacks.
- The fixes have been merged into the Linux kernel 6.1 development tree and will be backported to earlier kernel releases.
With Linux kernel 6.0 released, the developers have moved on to Linux kernel 6.1, and its first release candidate will be available soon. Among the changes already queued for 6.1 are fixes for several security issues in the kernel's WiFi components.
RCE and DoS attacks
The starting point is a buffer overflow in the kernel's mac80211 subsystem that is triggered by injected WLAN frames. A security researcher found this issue, which prompted a further investigation together with Intel. Together they found additional WiFi-related security problems that can result in RCE and DoS attacks. The vulnerabilities are listed below:
- CVE-2022-41674: An issue was discovered in the Linux kernel through 5.19.11. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.
- CVE-2022-42719: A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.
- CVE-2022-42720: Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.
- CVE-2022-42721: A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
- CVE-2022-42722: In the Linux kernel 5.8 through 5.19.14, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference, a denial-of-service attack against the beacon protection of P2P devices.
Fixes for these vulnerabilities are now merged into the Linux kernel 6.1 development tree and will be backported to earlier stable kernel series. Two practical notes: "local attackers" in the CVE records means an attacker within radio range who can transmit frames the device will parse (beacons, for example, are parsed while scanning, before any association or authentication), not a user with an account on the machine. And distribution kernels usually carry backported fixes without changing the upstream version string, so check your distribution's changelog or advisory for the relevant fix rather than comparing `uname -r` against the "through 5.19.14" ranges alone. Until a patched kernel is installed, disabling the WiFi interface on machines exposed to untrusted radio environments removes the attack surface.
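To make the bug class concrete, here is an added example in C written for this article. It is not the kernel's mac80211/cfg80211 code and reproduces none of the CVEs above; it models a parser that trusts the element lengths carried in a beacon or probe response body, the kind of frame an attacker in radio range can inject. The frame bodies, element ids and the `ie_total_len_*` helper names are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of 802.11 information-element (IE) handling written for
 * this article; it is not the kernel's mac80211/cfg80211 code and reproduces
 * none of the listed CVEs.  An IE is [id:1][len:1][len bytes of data]; a
 * beacon body is a run of IEs, and every byte is chosen by the transmitter. */

#define WLAN_EID_SSID            0
#define WLAN_EID_SUPP_RATES      1
#define WLAN_EID_VENDOR_SPECIFIC 221

/* Unsafe accounting: each element's length is trusted without checking that
 * the element fits in the frame, and the running total is a u8, so a few
 * large elements wrap it.  A caller that allocates this many bytes and then
 * copies every element in full overflows the allocation. */
static uint8_t ie_total_len_u8(const uint8_t *ies, size_t len)
{
    uint8_t total = 0;
    size_t pos = 0;

    while (pos + 2 <= len) {
        uint8_t elen = ies[pos + 1];
        total += elen;      /* wraps at 256 */
        pos += 2 + elen;    /* may step past the end of the frame */
    }
    return total;
}

/* Hardened accounting: wide accumulator plus a bound check per element.
 * Returns the exact payload size, or -1 if an element claims more bytes than
 * remain in the frame body or a trailing header is incomplete. */
static long ie_total_len_checked(const uint8_t *ies, size_t len)
{
    size_t pos = 0, sum = 0;

    while (pos + 2 <= len) {
        size_t elen = ies[pos + 1];
        if (elen > len - pos - 2)
            return -1;      /* element runs past the frame: reject it */
        sum += elen;
        pos += 2 + elen;
    }
    return pos == len ? (long)sum : -1;
}

/* Bytes the unsafe path would write beyond its allocation, i.e. the size of
 * the resulting heap overflow.  Computed rather than performed so that this
 * program stays well-defined. */
static size_t unchecked_overflow_bytes(const uint8_t *ies, size_t len)
{
    size_t would_copy = 0, pos = 0;

    while (pos + 2 <= len) {
        would_copy += ies[pos + 1];
        pos += 2 + ies[pos + 1];
    }
    size_t allocated = ie_total_len_u8(ies, len);
    return would_copy > allocated ? would_copy - allocated : 0;
}

/* Constructed sample frame bodies, not captured traffic. */
static const uint8_t good_ies[] = {
    WLAN_EID_SSID, 4, 't', 'e', 's', 't',
    WLAN_EID_SUPP_RATES, 3, 0x82, 0x84, 0x8b,
};
/* Claims 200 payload bytes but only 4 follow. */
static const uint8_t truncated_ies[] = {
    WLAN_EID_VENDOR_SPECIFIC, 200, 0x00, 0x50, 0xf2, 0x01,
};
/* Three 100-byte vendor elements: 300 payload bytes, 44 once wrapped to u8. */
#define OVERSIZED_ELEMS    3
#define OVERSIZED_ELEM_LEN 100
static uint8_t oversized_ies[OVERSIZED_ELEMS * (2 + OVERSIZED_ELEM_LEN)];

static size_t build_oversized_ies(void)
{
    size_t pos = 0;

    for (int i = 0; i < OVERSIZED_ELEMS; i++) {
        oversized_ies[pos++] = WLAN_EID_VENDOR_SPECIFIC;
        oversized_ies[pos++] = OVERSIZED_ELEM_LEN;
        memset(oversized_ies + pos, 0x41, OVERSIZED_ELEM_LEN);
        pos += OVERSIZED_ELEM_LEN;
    }
    return pos;
}

int main(void)
{
    size_t n = build_oversized_ies();

    printf("oversized: u8 total=%u, real total=%ld, overflow=%zu bytes\n",
           ie_total_len_u8(oversized_ies, n), ie_total_len_checked(oversized_ies, n),
           unchecked_overflow_bytes(oversized_ies, n));
    printf("truncated: checked=%ld (rejected)\n",
           ie_total_len_checked(truncated_ies, sizeof truncated_ies));
    return 0;
}
```

The two failure modes shown are the ones a frame parser must defend against: an element whose length field points past the end of the received frame (an over-read, here rejected outright) and lengths that are individually plausible but whose sum does not fit the integer type used to size a buffer (a 256-byte heap overflow on the oversized frame). Widening the accumulator and bounding every element against the remaining frame length are the checks to look for when reviewing such code.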