Realtek RTL8723BS WiFi Linux Driver Hardened Against Malicious WiFi Access Points
([Linux Networking] 6 Hours Ago
Realtek RTL8723BS)
- Reference: 0001645967
- News link: https://www.phoronix.com/news/Realtek-RTL8723BS-WiFi-Bad-APs
- Source link:
The staging driver fixes that were sent out this week ahead of the Linux 7.2-rc3 release is predominantly made up of hardening the Realtek RTL8723BS WiFi driver. In particular, a number of fixes for addressing out-of-bounds behavior when connecting to "bad" WiFi hosts.
Alexandru Hossu has been working on addressing a number of out-of-bounds "OOB" memory access conditions that could occur when the driver is iterating on attacker-controlled data provided from over-the-air frames. The driver was not properly validating the header or payload that could lead to a number of OOB reads/writes if connecting to a malicious WiFi access point.
These patches are set to be merged today ahead of the Linux 7.2-rc3 kernel release. These security fixes are also set to be back-ported to the existing Linux stable kernel versions too. These security shortcomings around over-the-air WiFi data handling have existed since the rtl8723bs driver was added to the Linux kernel's staging area back in 2017.
Since the staging admission nearly a decade ago, the Realtek RTL8723BS has continued seeing much driver cleaning with nearly ever kernel cycle with it [1]proving to be a "beast of a driver" in code complexity . The Realtek RTL8723BS is an 802.11 b/g/n SDIO WiFi chipset with Bluetooth 4.0 support and over the years has been found in many different devices.
These out-of-bounds fixes when dealing with nefarious WiFi hosts is the main set of changes with [2]this week's staging fixes .
[1] https://www.phoronix.com/news/Linux-7.2-Staging
[2] https://lore.kernel.org/lkml/alNUCxosMgwZ2XQO@kroah.com/
Alexandru Hossu has been working on addressing a number of out-of-bounds "OOB" memory access conditions that could occur when the driver is iterating on attacker-controlled data provided from over-the-air frames. The driver was not properly validating the header or payload that could lead to a number of OOB reads/writes if connecting to a malicious WiFi access point.
These patches are set to be merged today ahead of the Linux 7.2-rc3 kernel release. These security fixes are also set to be back-ported to the existing Linux stable kernel versions too. These security shortcomings around over-the-air WiFi data handling have existed since the rtl8723bs driver was added to the Linux kernel's staging area back in 2017.
Since the staging admission nearly a decade ago, the Realtek RTL8723BS has continued seeing much driver cleaning with nearly ever kernel cycle with it [1]proving to be a "beast of a driver" in code complexity . The Realtek RTL8723BS is an 802.11 b/g/n SDIO WiFi chipset with Bluetooth 4.0 support and over the years has been found in many different devices.
These out-of-bounds fixes when dealing with nefarious WiFi hosts is the main set of changes with [2]this week's staging fixes .
[1] https://www.phoronix.com/news/Linux-7.2-Staging
[2] https://lore.kernel.org/lkml/alNUCxosMgwZ2XQO@kroah.com/