7.8

CVE-2022-49023

wifi: cfg80211: fix buffer overflow in elem comparison

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: fix buffer overflow in elem comparison

For vendor elements, the code here assumes that 5 octets
are present without checking. Since the element itself is
already checked to fit, we only need to check the length.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.1 < 5.4.226
LinuxLinux Kernel Version >= 5.5 < 5.10.158
LinuxLinux Kernel Version >= 5.11 < 5.15.82
LinuxLinux Kernel Version >= 5.16 < 6.0.12
LinuxLinux Kernel Version6.1 Updaterc1
LinuxLinux Kernel Version6.1 Updaterc2
LinuxLinux Kernel Version6.1 Updaterc3
LinuxLinux Kernel Version6.1 Updaterc4
LinuxLinux Kernel Version6.1 Updaterc5
LinuxLinux Kernel Version6.1 Updaterc6
LinuxLinux Kernel Version6.1 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.175
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

https://git.kernel.org/stable/c/391cb872553627bdcf236c03ee7d5adb275e37e1
Patch
https://git.kernel.org/stable/c/88a6fe3707888bd1893e9741157a7035c4159ab6
Patch
https://git.kernel.org/stable/c/9e6b79a3cd17620d467311b30d56f2648f6880aa
Patch
https://git.kernel.org/stable/c/9f16b5c82a025cd4c864737409234ddc44fb166a
Patch
https://git.kernel.org/stable/c/f5c2ec288a865dbe3706b09bed12302e9f6d696b
Patch