CVE-2022-42720

Name of the Vulnerable Software and Affected Versions Linux kernel versions 5.1 through 5.19.x before 5.19.16

Description The issue is related to refcounting bugs in the multi-BSS handling in the mac80211 stack, which could allow local attackers to trigger use-after-free conditions and potentially execute code by injecting WLAN frames. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Recommendations For Linux kernel versions 5.1 through 5.19.x before 5.19.16, update to version 5.19.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the mac80211 stack or disabling the injection of WLAN frames until a patch is available. Avoid using functions in scan.c that may be vulnerable to use-after-free conditions until the issue is resolved.