CVE-2022-42721

Опубликовано: 14 окт. 2022

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.

Ссылки

http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2022/10/13/5
Exploit
Mailing List
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1204060
Issue Tracking
Patch
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f
Mailing List
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/
https://security.netapp.com/advisory/ntap-20230203-0008/
https://www.debian.org/security/2022/dsa-5257
Third Party Advisory
http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2022/10/13/5
Exploit
Mailing List
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1204060
Issue Tracking
Patch
Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f
Mailing List
Patch
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/
https://security.netapp.com/advisory/ntap-20230203-0008/
https://www.debian.org/security/2022/dsa-5257
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.1 (включая) до 5.19.16 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00075

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-835

Связанные уязвимости

CVE-2022-42721

CVSS3: 5.5

ubuntu

больше 2 лет назад

CVE-2022-42721

CVSS3: 5.5

redhat

больше 2 лет назад

CVE-2022-42721

CVSS3: 5.5

msrc

больше 2 лет назад

Описание отсутствует

CVE-2022-42721

CVSS3: 5.5

debian

больше 2 лет назад

A list management bug in BSS handling in the mac80211 stack in the Lin ...

GHSA-6976-m887-r48h

CVSS3: 5.5

github

больше 2 лет назад

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.

EPSS

Процентиль: 23%

0.00075

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-835