CVE-2022-42719 — Use After Free in Kernel

CWE-416 — Use After Free28 documents11 sources

Severity

8.8HIGHNVD

OSV8.1OSV7.0OSV5.5

EPSS

0.6%

top 30.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Debian Linux +5 more

Timeline

PublishedOct 13

Latest updateJun 15

Description

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

▶NVDlinux/linux_kernel5.2 — 5.4.219+4

▶Debianlinux/linux_kernel< 5.10.149-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-132.148+3

▶msrcmsrc/cbl2_kernel_5.15.74.1-3_on_cbl_mariner_2.0

▶msrcmsrc/cm1_kernel_5.10.149.1-1_on_cbl_mariner_1.0

Also affects: Debian Linux 10.0, 11.0, Fedora 35, 36, 37

Patches

Patch: www.openwall.com ↗Patch: bugzilla.suse.com ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

Kernel Live Patch Security Notice↗2023-02-14

▶

OSV

CVE-2022-42719: In ieee802_11_parse_elems_crc of util↗2023-01-01

▶

OSV

linux-azure-fde vulnerabilities↗2022-11-30

▶

OSV

linux-gcp-5.4 vulnerabilities↗2022-11-29

▶

OSV

linux-azure-fde, linux-gke, linux-gkeop, linux-raspi-5.4 vulnerabilities↗2022-11-18

▶

📋Vendor Advisories

CISA ICS

Siemens SIMATIC S7-1500 TM MFP Linux Kernel↗2023-06-15

▶

Ubuntu

Kernel Live Patch Security Notice↗2023-02-14

▶

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2022-42719↗2023-01-05

▶

Android

CVE-2022-42719: mac80211↗2023-01-01

▶

Ubuntu

Linux kernel (Azure CVM) vulnerabilities↗2022-11-30

▶