Vulnerability a worry for openwrt

Is this also worrying for openwrt

Well, if some malicious actor already has a shell running on your router, then it seems to me that you might have a lot bigger problem than a privilege escalation attack.


According to my quick reading of the linked write-up:

  • The exploit may be unstable on systems with a lot of network activity
    • Systems with WiFi adapter, when surrounded by high-usage WiFi networks, will be very unstable.

Since "network activity" and "WiFi networks" is literally OpenWrt's main purpose, it's probably not the best platform to launch this particular attack.

Unlike desktop operating systems, OpenWrt routers typically run only a fixed set of specific programs which is presumed to be trusted (because it's built into the image or comes from the OpenWrt repository). This doesn't rule out vulnerabilities in those trusted programs themselves, of course. On the other hand, if you could do an RCE there, your router is already owned and you don't need CVE-2024-1086 at all.

And checking the source, it's already mitigated in the OpenWrt tree (at least in the two I checked, k 5.15.150 and 6.1.80).

(For example, see ./build_dir/target-aarch64_cortex-a53_musl/linux-mediatek_mt7622/linux-5.15.150/net/netfilter/nf_tables_api.c line 10260.)

1 Like