PT-2022-6043 · Linux+5 · Linux Kernel+5
Ajay Kathat +2 · Published 2022-11-24 · Updated 2023-12-06 · CVE-2022-47520
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.0.11
Description
An issue in the Linux kernel's WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet, potentially allowing an attacker to cause a denial of service or elevate privileges.
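A bounds-checked walk of an RSN element up to its capabilities field, as an added example; it is not the WILC1000 driver's code or the upstream fix. The function names and sample bytes are constructed, and the field order (version, group suite, pairwise list, AKM list, capabilities) follows IEEE 802.11.

```c
#include <stddef.h>
#include <stdint.h>

/* Cursor over the element body; every read is checked against len. */
struct cur { const uint8_t *p; size_t len, off; };

static int skip(struct cur *c, size_t n)
{
    if (n > c->len - c->off)  /* off <= len always holds, so no wrap */
        return -1;
    c->off += n;
    return 0;
}

static int le16(struct cur *c, unsigned *v)
{
    if (skip(c, 2))
        return -1;
    *v = c->p[c->off - 2] | (unsigned)c->p[c->off - 1] << 8;
    return 0;
}

/* Returns RSN Capabilities (0..65535), or -1 if the element is truncated or
 * malformed. ie points at the element ID byte; avail = bytes left from there. */
int rsn_caps(const uint8_t *ie, size_t avail)
{
    unsigned ver, n, caps;
    if (avail < 2 || ie[0] != 48 || ie[1] > avail - 2)  /* 48 = RSN element ID */
        return -1;
    struct cur c = { ie + 2, ie[1], 0 };
    if (le16(&c, &ver) || ver != 1 || skip(&c, 4))   /* version, group suite */
        return -1;
    if (le16(&c, &n) || skip(&c, 4 * (size_t)n))      /* pairwise suite list */
        return -1;
    if (le16(&c, &n) || skip(&c, 4 * (size_t)n))      /* AKM suite list */
        return -1;
    return le16(&c, &caps) ? -1 : (int)caps;
}

/* Constructed samples: a complete element, and one whose pairwise count
 * (0x0040) claims far more suites than its 8-byte body holds. */
const uint8_t good_ie[] = { 48, 20, 1,0, 0,0x0f,0xac,4, 1,0, 0,0x0f,0xac,4,
                            1,0, 0,0x0f,0xac,2, 0x0c,0 };
const uint8_t bad_ie[]  = { 48, 8, 1,0, 0,0x0f,0xac,4, 0x40,0 };

int main(void)
{
    /* Exit status 0 when both samples are handled as expected. */
    return rsn_caps(good_ie, sizeof good_ie) != 12 || rsn_caps(bad_ie, sizeof bad_ie) != -1;
}
```

Each suite count is taken from the element itself, so the parser checks the count against the remaining body length before advancing past the list.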
Recommendations
For Linux kernel versions prior to 6.0.11, update to version 6.0.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the hif.c file in the drivers/net/wireless/microchip/wilc1000 directory to minimize the risk of exploitation. Avoid using the RSN information element in Netlink packets until the issue is resolved.
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu