by prima-facie 1344 days ago
> anybody who uses WiFi on untrusted networks

So is this for public/open Wifi networks only? Or is it for any wireless network where you do not control the gateway?

2 comments

Recommend that people click through and read the comments, in particular the (now) top thread, in part:

https://lwn.net/Articles/911071/

>> anybody who uses WiFi on untrusted networks

> It's actually worse than that - you just have to be scanning (though one of the issues requires P2P functionality to be enabled).

> So basically it's just

>> anybody who uses WiFi

> unfortunately.

And:

> Sorry, it took me longer than expected but I just posted PoCs + logs here: https://www.openwall.com/lists/oss-security/2022/10/13/5

> Most of the vulnerabilities were introduced in 5.1/5.2.

> > anybody who uses WiFi

It's worse than that - android kernels process beacon frames even if wifi is disabled.

So you should be worried about this if you have an android 11/12 phone, even if you don't use wifi.

Linux desktop/laptop users should be worried if they have wifi enabled, even if not connected to a network.

Why 11/12? I have 13 and my kernel is 4.14. They said these got added in 5.1/5.2 right? Android seems to have wildly varying kernels within versions.

Kernel versions are going to be dependent on the whims of manufacturers.

Pixel 3a XL running Lineage 19-20220917, Android 12.

/proc/version says 4.9.327.

Assuming not impacted, hopefully the November patch will address any remnants.
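Several commenters above are doing the same triage by hand: read /proc/version, compare against the "introduced in 5.1/5.2" note from the oss-security post, and decide whether to worry. Below is an added example that does that comparison (it is not code from the page, from the kernel project or from any commenter). Everything it encodes from the thread is the 5.1 lower bound; the function and constant names and the sample version lines are constructed for illustration, and it deliberately knows nothing about which stable releases carry the fixes.

```python
"""Kernel-series triage from a /proc/version (or uname -r) line.

Added example, not from the page or from the kernel project. The one fact
it takes from the thread is that the affected wifi code was introduced in
the 5.1/5.2 series; it encodes no fix versions, so "affected-series" means
"new enough to carry the code, go check your vendor's patch level", and
"pre-5.1" means only that the mainline series predates it (vendors do
backport, so treat that as a hint, not a clearance).
"""
import re
from pathlib import Path

# Lower bound of the series the thread names (5.1/5.2); using 5.1 is the
# conservative choice. Assumed constant name.
INTRODUCED_IN = (5, 1)

# Accepts "Linux version 5.10.101-android12-9-..." as well as the bare
# "4.9.327-perf+" that `uname -r` prints.
_VERSION_RE = re.compile(r"^(?:Linux version )?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kernel_version(line):
    """Return (major, minor, patch) or None if the line is not a kernel
    version string. Vendor suffixes after the numbers are ignored."""
    m = _VERSION_RE.match(line.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def in_affected_series(version):
    """True when the mainline series is 5.1 or later."""
    return version[:2] >= INTRODUCED_IN


def triage(line):
    """Classify one version line as 'affected-series', 'pre-5.1' or
    'unparseable'."""
    v = parse_kernel_version(line)
    if v is None:
        return "unparseable"
    return "affected-series" if in_affected_series(v) else "pre-5.1"


# Constructed sample lines modelled on the versions quoted in the thread
# (not copied from any real device).
SAMPLES = [
    "Linux version 4.9.327-perf+ (builder@host) (gcc) #1 SMP PREEMPT",
    "Linux version 4.14.190-g0123456 (builder@host) (clang) #1 SMP",
    "Linux version 5.4.0-126-generic (buildd@host) (gcc) #142-Ubuntu SMP",
    "Linux version 5.10.101-android12-9-00001-gabcdef (builder@host)",
]

if __name__ == "__main__":
    lines = list(SAMPLES)
    proc = Path("/proc/version")
    if proc.exists():
        lines.append(proc.read_text())  # this machine, when run on Linux
    for line in lines:
        print(f"{triage(line):16} {line.strip()[:60]}")
```

On an Android device the same line comes from `adb shell cat /proc/version` or `uname -r` in a terminal app. A 5.4 or 5.10 kernel lands in "affected-series" exactly as the Motorola commenter concluded; the 4.9/4.14/4.19 kernels land in "pre-5.1", which only says the mainline series predates the code, not that a vendor never backported it, and the November patch level is still the thing to check.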

Motorola Edge 30 ultra running the stock android 12 ROM is on 5.10.

Guess I'm unlucky.

>It's worse than that - android kernels process beacon frames even if wifi is disabled.

>So you should be worried about this if you have an android 11/12 phone, even if you don't use wifi.

Is this issue (RCE even with wifi off across a huge swathe of devices) common to many vulnerabilities, and we're just discussing this one because it hit the front page, or is this vulnerability especially... egregious?

> this vulnerability especially... egregious

This. The typical vulnerability requires an obscure hardware or software config, the user to do something unusual or foolish, or an attacker on the local network. This requires none of that.

>The typical vulnerability requires an obscure hardware or software config, the user to do something unusual or foolish, or an attacker on the local network. This requires none of that.

Thanks for the explanation. I usually abhor how the word "wormable" is thrown around but it sounds like it might apply here, especially since many devices running this software may be difficult to patch? Yikes.

I actually just put in my two weeks notice to spend the rest of spooky season focused on my art rather than infosec, but I hope folks don't have this... abused.

> So you should be worried about this if you have an android 11/12 phone, even if you don't use wifi.

Android 12 is 4.14

That's odd, mine is on 5.4

It looks like each Android release allows for a selection of kernel versions (for the OEM):

https://source.android.com/docs/core/architecture/kernel/and...

Mine is at 4.19.

My pixel 4a says it is on android 13 but kernel 4.14. It seems they break their own rules.

At least one of the RCE vulns seems to be exploitable even without connecting to any network (reachable via probe response handling).
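Two comments in this thread make the same structural point: the kernel parses beacon frames while merely scanning (even with wifi "off" on some Android builds, per the comment above), and at least one of the bugs is reachable through probe response handling, so no association is needed. The reason that is plausible is the frame format itself: a beacon or probe response body is a chain of information elements (IEs), each a 1-byte ID, a 1-byte length and up to 255 bytes of payload, and every one of those length bytes comes from whoever transmitted the frame. The following is an added example, not kernel code and not a reproduction of any of the reported bugs: a deliberately naive IE walker that trusts the length byte, beside a strict one that refuses a frame whose IE claims more bytes than remain, run over constructed frames. The IE layout and the IE IDs are real IEEE 802.11 values; the function names, the fixed-field constant and the sample frames are this example's own.

```python
"""Why "you only have to be scanning" is plausible: a receiver walks every
IE in every beacon/probe response it hears, before deciding whether the
network is interesting, and every IE length is attacker-supplied.

Added example, not kernel code and not any of the reported bugs.
"""
import struct

# Beacon/probe response body: timestamp (8) + beacon interval (2) +
# capability info (2) = 12 bytes of fixed fields, then the IE chain.
FIXED_FIELDS_LEN = 12

# Real IEEE 802.11 element IDs.
IE_SSID = 0
IE_SUPPORTED_RATES = 1
IE_DS_PARAMS = 3


def parse_ies_naive(body):
    """Walk IEs trusting the length byte. In Python an over-long slice just
    truncates; the equivalent copy in C reads past the end of the frame."""
    ies = []
    off = FIXED_FIELDS_LEN
    while off + 2 <= len(body):
        ie_id, ie_len = body[off], body[off + 1]
        ies.append((ie_id, body[off + 2:off + 2 + ie_len]))
        off += 2 + ie_len
    return ies


def parse_ies_strict(body):
    """Walk IEs, rejecting any whose declared length overruns the frame."""
    if len(body) < FIXED_FIELDS_LEN:
        raise ValueError("body shorter than the fixed fields")
    ies = []
    off = FIXED_FIELDS_LEN
    while off < len(body):
        if off + 2 > len(body):
            raise ValueError("truncated IE header at offset %d" % off)
        ie_id, ie_len = body[off], body[off + 1]
        end = off + 2 + ie_len
        if end > len(body):
            raise ValueError("IE %d claims %d bytes, only %d remain"
                             % (ie_id, ie_len, len(body) - off - 2))
        ies.append((ie_id, body[off + 2:end]))
        off = end
    return ies


def strict_rejects(body):
    """True if the strict parser refuses the frame."""
    try:
        parse_ies_strict(body)
    except ValueError:
        return True
    return False


def build_beacon_body(ies):
    """Constructed frame body: zeroed fixed fields followed by the IE chain."""
    out = bytearray(FIXED_FIELDS_LEN)
    for ie_id, payload in ies:
        out += struct.pack("BB", ie_id, len(payload)) + payload
    return bytes(out)


def ssid_from(body, parser):
    """SSID payload as seen by the given parser, or None."""
    for ie_id, payload in parser(body):
        if ie_id == IE_SSID:
            return payload
    return None


# Constructed frames, not captures.
GOOD_BEACON = build_beacon_body([
    (IE_SSID, b"coffeeshop"),
    (IE_SUPPORTED_RATES, bytes([0x82, 0x84, 0x8B, 0x96])),
    (IE_DS_PARAMS, bytes([6])),
])

# Same frame with the SSID IE's length byte bumped to 0xff while the frame
# itself is not extended: the header promises 255 bytes that are not there.
_m = bytearray(GOOD_BEACON)
_m[FIXED_FIELDS_LEN + 1] = 0xFF
MALFORMED_BEACON = bytes(_m)

if __name__ == "__main__":
    print("good frame, strict parser:", ssid_from(GOOD_BEACON, parse_ies_strict))
    print("bad frame,  naive parser :", ssid_from(MALFORMED_BEACON, parse_ies_naive))
    try:
        parse_ies_strict(MALFORMED_BEACON)
    except ValueError as e:
        print("bad frame,  strict parser: rejected,", e)
```

With the malformed frame the naive walker hands back an "SSID" that has swallowed the neighbouring rates and channel elements, which is the benign Python shadow of an out-of-bounds read; the strict walker stops at the first inconsistent length. Nothing here requires the receiver to have joined, or even recognised, the network, which is the point the two comments are making.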