Differences
This shows you the differences between two versions of the page.
| advisory:2022-10-17-1 [2022/10/16 22:07] – created hauke | advisory:2022-10-17-1 [2022/10/17 18:31] – add CVE links hauke | ||
|---|---|---|---|
| Line 11: | Line 11: | ||
| Multiple vulnerabilities were found in the Linux Kernel mac80211 and cfg80211 framework. | Multiple vulnerabilities were found in the Linux Kernel mac80211 and cfg80211 framework. | ||
| - | OpenWrt takes the mac80211 and cfg80211 framework from the wireless backports project which copies it from a more recent Linux kernel version. | + | OpenWrt takes the mac80211 and cfg80211 framework from the wireless backports project which copies it from a more recent Linux kernel version. |
| - | | + | These vulnerabilities are in the Multi BSSID (MBSSID) parsing code and the P2P-device beacon parsing code. |
| - | * CVE-2022-42719: | + | |
| - | * CVE-2022-42720: | + | |
| - | * CVE-2022-42721: | + | * [[https:// |
| - | * CVE-2022-42722: | + | * [[https:// |
| + | * [[https:// | ||
| + | * [[https:// | ||
| ===== REQUIREMENTS ===== | ===== REQUIREMENTS ===== | ||
| /* Describe how a malicious attacker could exploit this vulnerability */ | /* Describe how a malicious attacker could exploit this vulnerability */ | ||
| - | The vulnerabilities are mostly in the Wifi beacon parsing code. A client | + | The vulnerabilities are mostly in the Wifi beacon parsing code. OpenWrt operating as Wifi AP and Wifi client |
| An attacker could exploit this by sending specially crafted packets while the target is scanning for new networks. | An attacker could exploit this by sending specially crafted packets while the target is scanning for new networks. | ||
| + | This can be exploited by attackers which are not part of the network, no authentication needed. Wifi drivers in OpenWrt will parse beacons from arbitrary Wifi devices nearby. | ||
| All Wifi drivers in OpenWrt are using cfg80211 and many are using mac80211. | All Wifi drivers in OpenWrt are using cfg80211 and many are using mac80211. | ||
| Line 32: | Line 35: | ||
| /* describe at least how to mitigate or workaround it. */ | /* describe at least how to mitigate or workaround it. */ | ||
| - | Update to a fixed OpenWrt version. Fixes for the vulnerabilities are integrated in OpenWrt 22.03.2 and OpenWrt 21.02.5. Upgrading the packages with opkg update is not sufficient. | + | Update to a fixed OpenWrt version. Fixes for the vulnerabilities are integrated in OpenWrt 22.03.2 and OpenWrt 21.02.5. Upgrading the packages with opkg update is not sufficient. |
| The fix is contained in the following and later versions: | The fix is contained in the following and later versions: | ||
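
Review bot: In the hunk at Line 11, the REQUIREMENTS text now states two different preconditions. The unchanged sentence says the attack works "while the target is scanning for new networks", while the added sentence says the drivers "will parse beacons from arbitrary Wifi devices nearby". State explicitly whether a device that is not actively scanning is exposed, so that operators of AP-only setups can judge their exposure. The added sentence would also read better as "This can be exploited by attackers who are not part of the network; no authentication is needed."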
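
Review bot: In the hunk at Line 32, the sentence "Upgrading the packages with opkg update is not sufficient" names "opkg update", which only refreshes the package lists and installs nothing. If the point is that upgrading individual packages does not deliver the fix, say "opkg upgrade", and add a clause on why updating to a fixed OpenWrt version (22.03.2 or 21.02.5) is needed instead. The removed and added versions of this line read the same as shown here, so if the change is whitespace only it could be dropped from the revision.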