Mark Esler <mark.esler@xxxxxxxxxxxxx> writes: > On Fri, Aug 02, 2024 at 03:57:47PM +0800, color Ice wrote: >> Dear RT2X00 driver maintainers, >> >> We have discovered a critical vulnerability in the RT2X00 driver. We >> recommend urgently submitting an update. >> >> *Vulnerability Description*: When a PC is running Ubuntu 22.04 or 24.04, >> executing our proof of concept (POC) can directly cause a null pointer >> dereference or use-after-free (UAF). The systems we tested were: >> >> - *Description*: Ubuntu 22.04.4 LTS *Release*: 22.04 >> - *Description*: Ubuntu 24.04 LTS *Release*: 24.04 >> >> We tested network cards from the RT2870/RT3070/RT5370 series, which all >> belong to the RT2X00 driver group, and all were able to trigger the >> vulnerability. Additionally, executing the POC requires only user-level >> privileges. Debian systems are not affected. > > It is unclear if Ubuntu is the only affected distro. It's also unclear how this works as there's no description about the issue. I'm not going to run any scripts and I don't know how python usb.core package works. I guess it needs root privileges to be able to send these USB commands? If this really is a security vulnerability, here are the instructions how to report them: https://docs.kernel.org/process/security-bugs.html Also adding Greg. -- https://patchwork.kernel.org/project/linux-wireless/list/ https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
