7.8
CVE-2022-49023
- EPSS 0.26%
- Veröffentlicht 21.10.2024 20:15:13
- Zuletzt bearbeitet 24.10.2024 03:50:29
- CVE-Watchlists
- Unerledigt
wifi: cfg80211: fix buffer overflow in elem comparison
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix buffer overflow in elem comparison For vendor elements, the code here assumes that 5 octets are present without checking. Since the element itself is already checked to fit, we only need to check the length.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.1 < 5.4.226
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.158
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.82
Linux ≫ Linux Kernel Version >= 5.16 < 6.0.12
Linux ≫ Linux Kernel Version6.1 Updaterc1
Linux ≫ Linux Kernel Version6.1 Updaterc2
Linux ≫ Linux Kernel Version6.1 Updaterc3
Linux ≫ Linux Kernel Version6.1 Updaterc4
Linux ≫ Linux Kernel Version6.1 Updaterc5
Linux ≫ Linux Kernel Version6.1 Updaterc6
Linux ≫ Linux Kernel Version6.1 Updaterc7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.26% | 0.175 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
https://git.kernel.org/stable/c/391cb872553627bdcf236c03ee7d5adb275e37e1
https://git.kernel.org/stable/c/88a6fe3707888bd1893e9741157a7035c4159ab6
https://git.kernel.org/stable/c/9e6b79a3cd17620d467311b30d56f2648f6880aa
https://git.kernel.org/stable/c/9f16b5c82a025cd4c864737409234ddc44fb166a
https://git.kernel.org/stable/c/f5c2ec288a865dbe3706b09bed12302e9f6d696b