CVE-2022-42721 — Infinite Loop in Kernel

CWE-835 — Infinite Loop CWE-20 — Improper Input Validation24 documents11 sources

Severity

5.5MEDIUMNVD

OSV8.1OSV7.0OSV6.6

EPSS

0.0%

top 94.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Debian Linux +5 more

Timeline

PublishedOct 14

Latest updateFeb 14

Description

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶NVDlinux/linux_kernel5.1 — 5.19.16

▶Debianlinux/linux_kernel< 5.10.149-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-131.147+3

▶debiandebian/linux< linux 6.0.2-1 (bookworm)

▶msrcmsrc/cbl2_kernel_5.15.74.1-3_on_cbl_mariner_2.0

Also affects: Debian Linux 10.0, 11.0, Fedora 35, 36, 37

Patches

Patch: bugzilla.suse.com ↗Patch: git.kernel.org ↗Patch: bugzilla.suse.com ↗

🔴Vulnerability Details

OSV

CVE-2022-42721: In cfg80211_add_nontrans_list of scan↗2023-01-01

▶

OSV

linux-azure-fde vulnerabilities↗2022-11-30

▶

OSV

Kernel Live Patch Security Notice↗2022-11-16

▶

OSV

backport-iwlwifi-dkms vulnerabilities↗2022-11-01

▶

OSV

linux-oem-5.17 vulnerabilities↗2022-10-19

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

CISA ICS

Siemens SIMATIC S7-1500 TM MFP Linux Kernel↗2023-06-15

▶

Android

CVE-2022-42721: Multiple Modules↗2023-01-01

▶

Ubuntu

Linux kernel (Azure CVM) vulnerabilities↗2022-11-30

▶

Ubuntu

Kernel Live Patch Security Notice↗2022-11-16

▶