PT-2022-1382 · Linux+9 · Linux Kernel+9
Soenke Huster · Published 2022-10-13 · Updated 2025-05-15 · CVE-2022-42721
CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 5.1 through 5.19.x before 5.19.16
Description
A list management bug in BSS handling in the mac80211 stack could be used by local attackers to corrupt a linked list and potentially execute code. The issue is related to a logic error in the code, which could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Recommendations
For Linux kernel versions 5.1 through 5.19.x before 5.19.16, update to version 5.19.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the mac80211 stack to minimize the risk of exploitation. Avoid using the cfg80211_add_nontrans_list function in the scan.c file until the issue is resolved.
Exploit
Fix
DoS
Infinite Loop
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu