PT-2022-1381 · Linux+6 · Linux Kernel+6

Soenke Huster · Published 2022-10-10 · Updated 2025-05-15 · CVE-2022-42719

CVSS v3.1: 8.8 (High)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 5.2 through 5.19.x before 5.19.16

Description

A use-after-free issue in the mac80211 stack when parsing a multi-BSSID element could be exploited by attackers able to inject WLAN frames to crash the kernel and potentially execute code. The issue stems from a logic error in the ieee802_11_parse_elems_crc function of util.c and could lead to remote code execution without requiring additional execution privileges. User interaction is not required for exploitation.

Recommendations

For Linux kernel versions 5.2 through 5.19.x before 5.19.16, update to version 5.19.16 or later to resolve the issue. As a temporary workaround, consider restricting access to WLAN frames to minimize the risk of exploitation. Additionally, ensure that any code using the ieee802_11_parse_elems_crc function is reviewed and updated to prevent potential use-after-free errors.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2848
ALT-PU-2022-2849
ALT-PU-2022-2860
ALT-PU-2022-2877
ALT-PU-2022-2891
ALT-PU-2022-2915
ALT-PU-2022-2919
ALT-PU-2022-2951
ALT-PU-2022-2965
ALT-PU-2022-2968
ALT-PU-2022-2970
ALT-PU-2022-2975
ALT-PU-2022-3061
ALT-PU-2023-4894
ALT-PU-2023-7007
ALT-PU-2023-7682
ASB-A-253642087
AZL-11138
BDU:2022-06274
CVE-2022-42719
DLA-3173-1
DSA-5257-1
DSA-5257-2
LSN-0091-1
MGASA-2022-0379
MGASA-2022-0380
OESA-2022-2015
OPENSUSE-SU-2022_3775-1
OPENSUSE-SU-2022_3844-1
OPENSUSE-SU-2022_3897-1
OPENSUSE-SU-2022_3998-1
OPENSUSE-SU-2022_4617-1
OPENSUSE-SU-2024:12437-1
OPENSUSE-SU-2024:13704-1
ROSA-SA-2023-2189
SUSE-SU-2022:3601-1
SUSE-SU-2022:3605-1
SUSE-SU-2022:3606-1
SUSE-SU-2022:3607-1
SUSE-SU-2022:3628-1
SUSE-SU-2022:3648-1
SUSE-SU-2022:3657-1
SUSE-SU-2022:3704-1
SUSE-SU-2022:3775-1
SUSE-SU-2022:3809-1
SUSE-SU-2022:3844-1
SUSE-SU-2022:3897-1
SUSE-SU-2022:3998-1
SUSE-SU-2022:4617-1
USN-5692-1
USN-5693-1
USN-5700-1
USN-5708-1
USN-5728-1
USN-5728-2
USN-5728-3
USN-5752-1

Affected Products

ALT Linux
Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu