Linux wifi stack exploit Beacown

[sounds]

Summary

Linux kernels from 5.1 through the latest (as of today, 2022 October 14) have a wifi vulnerability which allows a remote attacker to set up a wifi network and gain control of the linux kernel.

 

Note that your Android device does not have to join their network, just be scanning in the vicinity of the attacker.

 

Quotes

Quote

CVE-2022-41674

 

This vulnerability was introduced in v5.1-rc1 and leads to a heap overflow. Compiled with CONFIG_SLUB_DEBUG_ON the kernel emits the following among other errors:

 

(memory corruption error)

 

My thoughts

Today is a bad day to be using Android. I use Android. I'm turning off my wifi. For at least the next month or so.

 

Sources

https://lwn.net/Articles/911062/

https://lwn.net/ml/oss-security/20221013101046.GB20615@suse.de/

https://github.com/PurpleVsGreen/beacown

[GOTSpectrum]

Somewhat unrelated... 

 

wth is with this embed? 

 

 

Also, now to the thing... let's hope a fix is pushed asap... 

 

As a android and linux users I have to say this is quite concerning 

[Fasterthannothing]

I could have sworn there was something similar in the way the kernel was built many many many years ago and it was used to exploit the wifi cards on mobile devices

 

Edit here it is:

https://blogs.blackberry.com/en/2017/08/broadpwn-the-mobile-exploit-for-android-and-iphones