News: 0001645967

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Realtek RTL8723BS WiFi Linux Driver Hardened Against Malicious WiFi Access Points

([Linux Networking] 6 Hours Ago Realtek RTL8723BS)


The staging driver fixes that were sent out this week ahead of the Linux 7.2-rc3 release is predominantly made up of hardening the Realtek RTL8723BS WiFi driver. In particular, a number of fixes for addressing out-of-bounds behavior when connecting to "bad" WiFi hosts.

Alexandru Hossu has been working on addressing a number of out-of-bounds "OOB" memory access conditions that could occur when the driver is iterating on attacker-controlled data provided from over-the-air frames. The driver was not properly validating the header or payload that could lead to a number of OOB reads/writes if connecting to a malicious WiFi access point.

These patches are set to be merged today ahead of the Linux 7.2-rc3 kernel release. These security fixes are also set to be back-ported to the existing Linux stable kernel versions too. These security shortcomings around over-the-air WiFi data handling have existed since the rtl8723bs driver was added to the Linux kernel's staging area back in 2017.

Since the staging admission nearly a decade ago, the Realtek RTL8723BS has continued seeing much driver cleaning with nearly ever kernel cycle with it [1]proving to be a "beast of a driver" in code complexity . The Realtek RTL8723BS is an 802.11 b/g/n SDIO WiFi chipset with Bluetooth 4.0 support and over the years has been found in many different devices.

These out-of-bounds fixes when dealing with nefarious WiFi hosts is the main set of changes with [2]this week's staging fixes .



[1] https://www.phoronix.com/news/Linux-7.2-Staging

[2] https://lore.kernel.org/lkml/alNUCxosMgwZ2XQO@kroah.com/



"Linux: the operating system with a CLUE...
Command Line User Environment".
(seen in a posting in comp.software.testing)