New CVEs in WiFi

(please move to release and security announcements)

OpenWrt will need to cut new point releases.

Yesterday, 5 new CVEs landed for WiFi in the Linux kernel.

This affects everybody who uses WiFi.

Update: apparently, fixes have already landed in 21.x and 22.x master. Just waiting for new builds.

See:
https://www.openwall.com/lists/oss-security/2022/10/13/5
https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?h=wireless-2022-10-13&id=c90b93b5b782891ebfda49d4e5da36632fefd5d1 (click parent)

https://twitter.com/vanhoefm/status/1580675615992451072

1 Like

At what point is a wifi AP vulnerable to this? Can this be abused if for example the AP is determining what channel to use when wifi channel is set to "auto"?

master:

openwrt-22.03:

5 Likes

And 21.02 got the necessary fixes as well:

1 Like

So 19.07 is not vulnerable, right (kernel 4.14 with 4.19 wifi)?

19.07 is not supported, so don't expect any fixes for it.

2 Likes

I know it's not, but there are people still using it, so the message is important to them.

1 Like

It looks like kernel 5.1 and up are affected, so 19.07 lucked out.

1 Like