Linus Torvalds is primarily responsible for the Linux kernel, but he mainly focuses on the point-zero versions that he releases every two months or so. Maintenance updates are released by other developers and maintainers, such as Greg Kroah-Hartman, who a few hours ago released Linux 6.0.2 to fix security flaws affecting the WiFi stack. Along with 6.0.2, Kroah-Hartman has also released updates for the affected kernels that are still supported.
In total, 5 vulnerabilities affecting the WiFi stack have been fixed, all of them made known last Thursday, October 13. Not even two days passed before the patches were released, and all users are advised to update as soon as possible. The new versions are Linux 6.0.2, Linux 5.19.16, Linux 5.15.74, Linux 5.10.148, and Linux 5.4.248; the rest of the LTS versions still supported (4.9, 4.14 and 4.19) would not be affected.
Linux 6.0.2 and other LTS releases fix 5 security flaws
The security flaws fixed are:
- CVE-2022-41674: fix u8 overflow in cfg80211_update_notlisted_nontrans (max 256 byte overwrite).
- CVE-2022-42719: wifi: mac80211: fix MBSSID parsing use-after-free.
- CVE-2022-42720: wifi: cfg80211: fix BSS refcounting bugs (use-after-free).
- CVE-2022-42721: wifi: cfg80211: avoid nontransmitted BSS list corruption.
- CVE-2022-42722: wifi: mac80211: fix crash in beacon protection for a P2P device (NULL pointer dereference).
Linux 6.0.2 and all the other patched LTS versions are available on kernel.org, and require manual installation if you download the tarballs from that site. Distributions like Ubuntu don't use the official kernel; their patches are released by the company that develops the operating system, in this case Canonical. In most cases, unless the kernel was installed manually, the patches arrive as part of operating system updates.