Vulnerability Details : CVE-2022-42721
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
Vulnerability category: Execute code
Products affected by CVE-2022-42721
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-42721
- 0.04%: Probability of exploitation activity in the next 30 days
- ~6%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-42721
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2022-42721
- The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-42721
- http://www.openwall.com/lists/oss-security/2022/10/13/5
  oss-security - Re: Various Linux Kernel WLAN security issues (RCE/DOS) found [Exploit; Mailing List; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/
  [SECURITY] Fedora 35 Update: kernel-5.19.15-101.fc35 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/
  [SECURITY] Fedora 37 Update: kernel-5.19.15-301.fc37 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]
- https://bugzilla.suse.com/show_bug.cgi?id=1204060
  Bug 1204060 – VUL-0: CVE-2022-42721: kernel: remote crash/code execution due list corruption in the wlan stack [Issue Tracking; Patch; Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/
  [SECURITY] Fedora 36 Update: kernel-5.19.15-201.fc36 - package-announce - Fedora Mailing-Lists [Mailing List; Third Party Advisory]
- http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html
  Kernel Live Patch Security Notice LSN-0090-1 ≈ Packet Storm [Third Party Advisory; VDB Entry]
- https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
  [SECURITY] [DLA 3173-1] linux-5.10 security update [Mailing List; Third Party Advisory]
- https://www.debian.org/security/2022/dsa-5257
  Debian -- Security Information -- DSA-5257-1 linux [Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20230203-0008/
  October 2022 Linux Kernel 5.19.15 Vulnerabilities in NetApp Products | NetApp Product Security
- https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f
  kernel/git/wireless/wireless.git - kvalo's fork of linux.git [Mailing List; Patch; Vendor Advisory]