5.5

CVE-2022-42721

Exploit

EPSS 0.02%
Veröffentlicht 14.10.2022 00:15:09
Zuletzt bearbeitet 15.05.2025 21:15:49
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.1 < 5.19.16

Fedoraproject ≫ Fedora Version35

Fedoraproject ≫ Fedora Version36

Fedoraproject ≫ Fedora Version37

Debian ≫ Debian Linux Version10.0

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.055

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html

Third Party Advisory

VDB Entry

https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html

Third Party Advisory

Mailing List

https://www.debian.org/security/2022/dsa-5257

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/

http://www.openwall.com/lists/oss-security/2022/10/13/5

Third Party Advisory

Exploit

Mailing List

https://security.netapp.com/advisory/ntap-20230203-0008/

https://bugzilla.suse.com/show_bug.cgi?id=1204060

Patch

Third Party Advisory

Issue Tracking

https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f

Patch

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2022-42721

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-42721

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-42721

EUVD