Linux 6.0.2, 5.19.16 & Other Point Releases Arrive For Fixing WiFi Stack Vulnerabilities


  • Linux 6.0.2, 5.19.16 & Other Point Releases Arrive For Fixing WiFi Stack Vulnerabilities

    Phoronix: Linux 6.0.2, 5.19.16 & Other Point Releases Arrive For Fixing WiFi Stack Vulnerabilities

    This morning's batch of Linux kernel point releases to existing stable series is worth upgrading to given the important security fixes...


  • #2
    I thought that the icon with ghosts (https://www.phoronix.com/assets/cate...xsecurity.webp) is reserved for Spectre-class vulnerabilities, which this isn't.



    • #3
      Originally posted by patrakov
      I thought that the icon with ghosts (https://www.phoronix.com/assets/cate...xsecurity.webp) is reserved for Spectre-class vulnerabilities, which this isn't.
      the ghost also has the heartbleed logo on it, so maybe it's intended to represent high-profile security vulnerabilities in general?



      • #4
        Given this is a remote code execution in the kernel with no user interaction, I am curious about how long it takes for each distro to actually plug this issue for end users.

        I found this mention of one of the CVE codes in Ubuntu with "need triage" almost everywhere yet:
        https://ubuntu.com/security/CVE-2022-41674



        • #5
          Originally posted by marlock
          Given this is a remote code execution in the kernel with no user interaction, I am curious about how long it takes for each distro to actually plug this issue for end users.

          I found this mention of one of the CVE codes in Ubuntu with "need triage" almost everywhere yet:
          https://ubuntu.com/security/CVE-2022-41674
          I'm more curious about how long it'll take Android vendors to fix it... on most Linux distributions it's pretty easy to install an updated kernel yourself, but on Android most people don't have that option. right now every Android device is vulnerable. probably best to turn off WiFi on all devices until they get an update to fix these vulnerabilities, and any Android devices not receiving updates are now completely broken unless they don't use WiFi at all.



          • #6
            These bugs were introduced in 5.1/5.2, so many Android devices are just too old to be vulnerable. So that's an accidental benefit to vendors for not updating their Android devices?



            • #7
              Originally posted by saladin
              These bugs were introduced in 5.1/5.2, so many Android devices are just too old to be vulnerable. So that's an accidental benefit to vendors for not updating their Android devices?
              that's true of the other ones, but from looking at git blame for the relevant parts of the code, CVE-2022-41674 looks like it's been there for at least 4 years.
              Last edited by hotaru; 16 October 2022, 08:55 AM.
