Huster e-mailed leading European Linux distributor SUSE with news that there was a nasty buffer overwrite in the Linux Kernel mac80211 Wi-Fi framework, which could be triggered remotely by misusing WLAN frames.
SUSE, in turn, delegated the issue to the kernel security crew, Huster, an Intel principal engineer, and the mac80211 main architect worked on fixing the problem. They also quickly found multiple other Wi-Fi security holes that could be exploited by an attacker over a Wi-Fi network connection.
The original bug, a buffer overflow flaw labeled CVE-2022-41674, would. Red Hat reports that this "flaw allow an attacker to crash the system or leak internal kernel information." With a Red Hat Common Vulnerability Scoring System (CVSS) score of 7.3, Red Hat considers it to be of "Moderate Impact."
I think, when you put all the holes together, it's much worse than that. The real nasty piece, as far as I'm concerned, is that these holes are triggered by "Beacon frames." Wi-Fi Access Points (AP) constantly transmit these, so any device scanning for a network will pick them up.
In other words, with a malicious AP, an attacker would automatically attack any Linux device in the area that was scanning for networks. A firewall wouldn't stop it. Neither would a VPN. There's no need to phish the user. Just turn on your laptop or what have you, and, ta-da, instant crash.
Android and Internet of Things (IoT) Linux distros may have more trouble. Their developers often take their own sweet time with patching security problems. Ironically, many of these distros may be safe because they're using kernels, which are too old to be affected by this security hole. Specifically, phones running Android 12 or earlier are safe.
Brand new devices with Android 13, however, are another story. These include flagship phones such as the Google Pixel 4 and newer; Asus Zenfone 8; and the Samsung S22, S21, and S20. The good news is that all major companies are much better at updating their operating systems than second-tier smartphone vendors. With luck, no one will get to experience their phone crashing simply because some jerk is getting giggles from running a trouble-making Wi-Fi AP.