UBUNTU-CVE-2022-42719

Description

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

CVSS Metrics

• v3.1•HIGH•Score: 8.8CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• ubuntu•backport-iwlwifi-dkms

  all | < 8324-0ubuntu3~20.04.5 | < 9858-0ubuntu3.1 | all | all | all

• ubuntu•linux

  < 5.4.0-132.148 | < 5.15.0-52.58

• ubuntu•linux-aws

  < 5.4.0-1089.97 | < 5.15.0-1022.26

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.15

  < 5.15.0-1022.26~20.04.1

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1089.97~18.04.1

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-6.2

  all

• ubuntu•linux-aws-fips

  < 5.4.0-1089.97+fips1 | all

• ubuntu•linux-azure

  all | < 5.4.0-1095.101 | < 5.15.0-1022.27

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.15

  < 5.15.0-1022.27~20.04.1

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1095.101~18.04.1

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  < 5.15.0-1024.30.1

• ubuntu•linux-azure-fips

  < 5.4.0-1095.101+fips1 | all

• ubuntu•linux-bluefield

  < 5.4.0-1050.56 | all

• ubuntu•linux-fips

  < 5.4.0-1065.74 | all

• ubuntu•linux-gcp

  all | < 5.4.0-1093.102 | < 5.15.0-1021.28

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.15

  < 5.15.0-1021.28~20.04.1

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1093.102~18.04.1

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-6.2

  all

• ubuntu•linux-gcp-fips

  < 5.4.0-1093.102+fips1 | all

• ubuntu•linux-gke

  < 5.4.0-1087.94 | < 5.15.0-1019.23

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.15

  < 5.15.0-1019.23~20.04.1

• ubuntu•linux-gke-5.4

  all

• ubuntu•linux-gkeop

  < 5.4.0-1057.61 | < 5.15.0-1007.10

• ubuntu•linux-gkeop-5.15

  < 5.15.0-1007.10~20.04.1

• ubuntu•linux-gkeop-5.4

  all

• ubuntu•linux-hwe

  all

• ubuntu•linux-hwe-5.11

  all

• ubuntu•linux-hwe-5.13

  all

• ubuntu•linux-hwe-5.15

  < 5.15.0-52.58~20.04.1

• ubuntu•linux-hwe-5.4

  < 5.4.0-132.148~18.04.1

• ubuntu•linux-hwe-5.8

  all

• ubuntu•linux-hwe-edge

  all | all

• ubuntu•linux-ibm

  < 5.4.0-1037.42 | < 5.15.0-1017.20

• ubuntu•linux-ibm-5.4

  < 5.4.0-1037.42~18.04.1

• ubuntu•linux-intel-5.13

  all

Showing first 50 affected entries in server-rendered view.

References (16)

• https://ubuntu.com/security/CVE-2022-42719
• https://www.openwall.com/lists/oss-security/2022/10/13/2
• https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
• https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6
• https://bugzilla.suse.com/show_bug.cgi?id=1204051
• http://www.openwall.com/lists/oss-security/2022/10/13/5
• http://www.openwall.com/lists/oss-security/2022/10/13/2
• https://ubuntu.com/security/notices/USN-5692-1
• https://ubuntu.com/security/notices/USN-5693-1
• https://ubuntu.com/security/notices/USN-5700-1
• https://ubuntu.com/security/notices/USN-5708-1
• https://ubuntu.com/security/notices/USN-5728-1
• https://ubuntu.com/security/notices/USN-5728-2
• https://ubuntu.com/security/notices/USN-5728-3
• https://ubuntu.com/security/notices/USN-5752-1
• https://www.cve.org/CVERecord?id=CVE-2022-42719