Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-202210-2
HistoryOct 14, 2022 - 12:00 a.m.

[ASA-202210-2] linux: multiple issues

2022-10-1400:00:00
security.archlinux.org
14

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

5.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.9%

JSON

Arch Linux Security Advisory ASA-202210-2

Severity: Critical
Date : 2022-10-14
CVE-ID : CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721
CVE-2022-42722
Package : linux
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2801

Summary

The package linux before version 6.0.1.arch2-1 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure and denial of service.

Resolution

Upgrade to 6.0.1.arch2-1.

pacman -Syu β€œlinux>=6.0.1.arch2-1”

The problems have been fixed upstream in version 6.0.1.arch2.

Workaround

None.

Description

  • CVE-2022-41674 (information disclosure)

A buffer overflow flaw was found in the u8 overflow in
cfg80211_update_notlisted_nontrans() in net/wireless/scan.c in the
Linux kernel’s wifi subcomponent. This flaw allows a remote attacker to
inject WLAN frames to crash the system or leak internal kernel
information.

  • CVE-2022-42719 (arbitrary code execution)

A use-after-free in the mac80211 stack when parsing a multi-BSSID
element in the Linux kernel 5.2 through 5.19.14 could be used by remote
attackers who are able to inject WLAN frames to crash the kernel and
potentially execute code.

  • CVE-2022-42720 (arbitrary code execution)

Various refcounting bugs in the multi-BSS handling in the mac80211
stack in the Linux kernel 5.1 through 5.19.14 could be used by remote
attackers who are able to inject WLAN frames to trigger use-after-free
conditions to potentially execute code.

  • CVE-2022-42721 (arbitrary code execution)

A list management bug in BSS handling in the mac80211 stack in the
Linux kernel 5.1 through 5.19.14 could be used by remote attackers who
are able to inject WLAN frames to corrupt a linked list and, in turn,
potentially execute code.

  • CVE-2022-42722 (denial of service)

In the Linux kernel 5.8 through 5.19.14, remote attackers are able to
inject WLAN frames into the mac80211 stack could cause a NULL pointer
dereference denial-of-service attack against the beacon protection of
P2P devices.

Impact

A remote attacker is able to inject WLAN frames to crash the system or
execute arbitrary code on the affected host.

References

https://www.openwall.com/lists/oss-security/2022/10/13/2
https://lore.kernel.org/netdev/[email protected]/T/#u
https://www.openwall.com/lists/oss-security/2022/10/13/5
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d
https://bugzilla.suse.com/show_bug.cgi?id=1203770
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6
https://bugzilla.suse.com/show_bug.cgi?id=1204051
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f
https://bugzilla.suse.com/show_bug.cgi?id=1204059
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f
https://bugzilla.suse.com/show_bug.cgi?id=1204060
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b2d03cabe2b2e150ff5a381731ea0355459be09f
https://bugzilla.suse.com/show_bug.cgi?id=1204125
https://security.archlinux.org/CVE-2022-41674
https://security.archlinux.org/CVE-2022-42719
https://security.archlinux.org/CVE-2022-42720
https://security.archlinux.org/CVE-2022-42721
https://security.archlinux.org/CVE-2022-42722

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanylinux<Β 6.0.1.arch2-1UNKNOWN

References

Related

openwrt 1
archlinux 3
ubuntu 11
osv 23
nessus 51
openvas 24
fedora 3
malwarebytes 1
suse 4
mageia 2
ubuntucve 5
alpinelinux 5
debian 2
prion 5
veracode 5
cve 5
cbl_mariner 10
debiancve 5
cnvd 1
redhatcve 5
redhat 9
photon 5
rosalinux 1
redos 1
ibm 3
slackware 1
oraclelinux 2
almalinux 4
ics 1
openwrt
openwrt
Security Advisory 2022-10-17-1 - Multiple issues in mac80211 and cfg80211 (CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721 and CVE-2022-42722)
2022-10-16 22:07:45
archlinux
archlinux
[ASA-202210-4] linux-zen: multiple issues
2022-10-14 00:00:00
[ASA-202210-1] linux-hardened: multiple issues
2022-10-14 00:00:00
[ASA-202210-3] linux-lts: multiple issues
2022-10-14 00:00:00
ubuntu
ubuntu
backport-iwlwifi-dkms vulnerabilities
2022-11-01 00:00:00
Linux kernel vulnerabilities
2022-10-26 00:00:00
Linux kernel vulnerabilities
2022-10-19 00:00:00
osv
osv
backport-iwlwifi-dkms vulnerabilities
2022-11-01 13:15:44
linux-azure-fde vulnerabilities
2022-11-30 22:35:42
linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-gcp, linux-gcp-5.15, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oem-5.14, linux-oracle, linux-raspi vulnerabilities
2022-10-19 22:06:48
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS : backport-iwlwifi-dkms vulnerabilities (USN-5708-1)
2022-11-02 00:00:00
Ubuntu 22.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5752-1)
2022-12-01 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5692-1)
2022-10-19 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5708-1)
2022-11-02 00:00:00
Ubuntu: Security Advisory (USN-5700-1)
2022-10-27 00:00:00
Ubuntu: Security Advisory (USN-5752-1)
2022-12-01 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: kernel-5.19.15-101.fc35
2022-10-15 21:27:56
[SECURITY] Fedora 37 Update: kernel-5.19.15-301.fc37
2022-10-17 22:55:48
[SECURITY] Fedora 36 Update: kernel-5.19.15-201.fc36
2022-10-14 13:03:41
malwarebytes
malwarebytes
Google patches 60 vulnerabilities in first Android update of 2023
2023-01-05 09:00:00
suse
suse
Security update for the Linux Kernel (important)
2022-11-02 00:00:00
Security update for the Linux Kernel (important)
2022-10-26 00:00:00
Security update for the Linux Kernel (important)
2022-10-31 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2022-10-23 23:35:49
Updated kernel-linus packages fix security vulnerabilities
2022-10-23 23:35:49
ubuntucve
ubuntucve
CVE-2022-42719
2022-10-13 00:00:00
CVE-2022-42722
2022-10-14 00:00:00
CVE-2022-42720
2022-10-14 00:00:00
alpinelinux
alpinelinux
CVE-2022-42719
2022-10-13 23:15:00
CVE-2022-42720
2022-10-14 00:15:00
CVE-2022-42721
2022-10-14 00:15:00
debian
debian
[SECURITY] [DSA 5257-1] linux security update
2022-10-18 21:06:43
[SECURITY] [DLA 3173-1] linux-5.10 security update
2022-11-01 20:57:30
prion
prion
Double free
2022-10-13 23:15:00
Null pointer dereference
2022-10-14 00:15:00
Buffer overflow
2022-10-14 00:15:00
veracode
veracode
Buffer Overflow
2022-10-19 17:12:54
Denial Of Service (DoS)
2022-10-19 17:11:43
Denial Of Service (DoS)
2022-10-19 17:12:41
cve
cve
CVE-2022-42720
2022-10-14 00:15:00
CVE-2022-42722
2022-10-14 00:15:00
CVE-2022-42721
2022-10-14 00:15:00
cbl_mariner
cbl_mariner
CVE-2022-42720 affecting package kernel 5.15.70.1-1
2022-11-03 20:38:13
CVE-2022-41674 affecting package kernel 5.15.70.1-1
2022-11-03 20:38:13
CVE-2022-41674 affecting package kernel 5.10.145.1-1
2022-11-03 00:45:13
debiancve
debiancve
CVE-2022-42719
2022-10-13 23:15:00
CVE-2022-41674
2022-10-14 00:15:00
CVE-2022-42721
2022-10-14 00:15:00
cnvd
cnvd
Linux kernel denial-of-service vulnerability (CNVD-2022-74090)
2022-10-14 00:00:00
redhatcve
redhatcve
CVE-2022-42719
2022-10-13 13:29:31
CVE-2022-41674
2022-10-13 13:29:21
CVE-2022-42720
2022-10-13 13:29:38
redhat
redhat
(RHSA-2024:1188) Moderate: kernel security, bug fix, and enhancement update
2024-03-06 12:21:12
(RHSA-2024:1255) Moderate: OpenShift Container Platform 4.15.3 bug fix and security update
2024-03-19 00:16:31
(RHSA-2023:2148) Important: kernel-rt security and bug fix update
2023-05-09 05:01:55
photon
photon
Important Photon OS Security Update - PHSA-2022-0275
2022-11-04 00:00:00
Critical Photon OS Security Update - PHSA-2022-0271
2022-10-28 00:00:00
Critical Photon OS Security Update - PHSA-2022-4.0-0271
2022-10-28 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2189
2023-07-11 14:30:55
redos
redos
ROS-20221220-01
2022-12-20 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Linux kernel, libssh, and Java can affect IBM Spectrum Protect Plus
2023-08-22 14:18:43
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2023-07-03 18:48:48
Security Bulletin: Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management
2023-07-28 15:34:05
slackware
slackware
[slackware-security] Slackware 15.0 kernel
2022-11-29 21:04:28
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2023-05-23 00:00:00
kernel security, bug fix, and enhancement update
2023-05-15 00:00:00
almalinux
almalinux
Important: kernel-rt security and bug fix update
2023-05-09 00:00:00
Important: kernel security, bug fix, and enhancement update
2023-05-16 00:00:00
Important: kernel-rt security and bug fix update
2023-05-16 00:00:00
ics
ics
Siemens SIMATIC S7-1500 TM MFP Linux Kernel
2023-06-15 12:00:00

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

5.8 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.9%

JSON
Related for ASA-202210-2
openwrt1archlinux3ubuntu11osv23nessus51openvas24fedora3malwarebytes1suse4mageia2ubuntucve5alpinelinux5debian2prion5veracode5cve5cbl_mariner10debiancve5cnvd1redhatcve5redhat9photon5rosalinux1redos1ibm3slackware1oraclelinux2almalinux4ics1