Linux dodges serious Wi-Fi security exploits

What appeared to be one simple Linux Wi-Fi networking security problem was soon revealed to be five different nasty Wi-Fi security problems. Fortunately, the patches are on their way.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

You may recall that Linus Torvalds recently added support for Rust in the Linux kernel. One of the big reasons for adding Rust was to put an end to Linux code memory problems.

It can't come soon enough. Recently, five serious Linux Wi-Fi security holes were uncovered.

What did they all have in common? Go ahead, guess. Yes, each and every one was caused by a memory problem because of poorly written C code.

I'm shocked. Shocked, I tell you.

That was the bad news. The good news is they've all been patched. 

The first hole was discovered by security researcher Soenke Huster from Germany's Technical University of Darmstadt.

Huster e-mailed leading European Linux distributor SUSE with news that there was a nasty buffer overwrite in the Linux Kernel mac80211 Wi-Fi framework, which could be triggered remotely by misusing WLAN frames.

SUSE, in turn, delegated the issue to the kernel security crew. Huster, an Intel principal engineer, and the mac80211 main architect worked on fixing the problem. They also quickly found multiple other Wi-Fi security holes that could be exploited by an attacker over a Wi-Fi network connection.


So, how bad are these? Bad. As one commenter on the Linux Weekly News (LWN) site, the site for serious Linux users and developers, put it, "Basically, it's just anybody who uses Wi-Fi." 

Most of these vulnerabilities were introduced into Linux in the first quarter of 2019. So, they were introduced into the Linux 5.1 and 5.2 kernels. 

That, in turn, means that any Linux distro you're running today is vulnerable to attacks on these holes. 

For example, Red Hat Enterprise Linux (RHEL) 8 and 9 could both be successfully attacked. Such an assault would be a nasty one. 

The original bug, a buffer overflow flaw labeled CVE-2022-41674, would. Red Hat reports that this "flaw allow an attacker to crash the system or leak internal kernel information." With a Red Hat Common Vulnerability Scoring System (CVSS) score of 7.3, Red Hat considers it to be of "Moderate Impact."

I think, when you put all the holes together, it's much worse than that. The real nasty piece, as far as I'm concerned, is that these holes are triggered by "Beacon frames." Wi-Fi Access Points (APs) constantly transmit these, so any device scanning for a network will pick them up.

In other words, with a malicious AP, an attacker would automatically attack any Linux device in the area that was scanning for networks. A firewall wouldn't stop it. Neither would a VPN. There's no need to phish the user. Just turn on your laptop or what have you, and, ta-da, instant crash.  
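Bugs of this kind come down to trusting a length field taken from a received frame. The following is an added illustration, not the kernel's mac80211 code and not a reconstruction of any of the five flaws: a C parser for the tagged elements of a beacon (1-byte ID, 1-byte length, then data) that checks every sender-supplied length before using it. The function and struct names are hypothetical, the sample bytes are constructed, and the fixed fields that precede the elements in a real beacon are assumed to be already skipped.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSID_MAX 32   /* maximum SSID length in 802.11 */
#define EID_SSID 0    /* element ID of the SSID element */

struct beacon_info { uint8_t ssid[SSID_MAX]; size_t ssid_len; };

/* Walk the element list and copy out the SSID.
 * Returns 0 on success, -1 if the frame is malformed.
 * Every length comes from the sender, so each one is checked before use. */
int parse_beacon_elements(const uint8_t *buf, size_t len, struct beacon_info *out)
{
    size_t pos = 0;
    memset(out, 0, sizeof(*out));
    while (pos < len) {
        if (len - pos < 2)
            return -1;                 /* truncated element header */
        uint8_t id = buf[pos];
        uint8_t elen = buf[pos + 1];
        pos += 2;
        if (elen > len - pos)
            return -1;                 /* declared length runs past the frame */
        if (id == EID_SSID) {
            if (elen > SSID_MAX)
                return -1;             /* copy would overflow out->ssid */
            memcpy(out->ssid, buf + pos, elen);
            out->ssid_len = elen;
        }
        pos += elen;
    }
    return 0;
}

/* Constructed sample inputs (not captured traffic). */
const uint8_t good_ies[] = { 0, 4, 'h', 'o', 'm', 'e', 1, 1, 0x82 };
const uint8_t overlong_ies[] = { 0, 200, 'A', 'B' };  /* claims 200 bytes, has 2 */
const uint8_t oversize_ssid_ies[2 + 40] = { 0, 40 };  /* 40-byte SSID, limit is 32 */

int main(void)
{
    struct beacon_info bi;
    printf("good: %d\n", parse_beacon_elements(good_ies, sizeof(good_ies), &bi));
    printf("overlong: %d\n", parse_beacon_elements(overlong_ies, sizeof(overlong_ies), &bi));
    printf("oversize: %d\n", parse_beacon_elements(oversize_ssid_ies, sizeof(oversize_ssid_ies), &bi));
    return 0;
}
```

Dropping either length check turns the `memcpy` into a read past the end of the frame or a write past the end of the destination buffer, which is why a parser like this has to reject the frame rather than trust it.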

The good news is the patches are in. They were pushed out to the stable kernels on October 13th. The newest, safe Linux kernel is the just-released 5.10.148. Linus Torvalds added them to the forthcoming Linux kernel 6.1. I expect all major Linux distros will have them in place for your working Linux systems by early this week.

Android and Internet of Things (IoT) Linux distros may have more trouble. Their developers often take their own sweet time with patching security problems. Ironically, many of these distros may be safe because they're using kernels that are too old to be affected by this security hole. Specifically, phones running Android 12 or earlier are safe.

Brand new devices with Android 13, however, are another story. These include flagship phones such as the Google Pixel 4 and newer; Asus Zenfone 8; and the Samsung S22, S21, and S20. The good news is that all major companies are much better at updating their operating systems than second-tier smartphone vendors. With luck, no one will get to experience their phone crashing simply because some jerk is getting giggles from running a trouble-making Wi-Fi AP.
