Lucene search

K
archlinuxArchLinuxASA-202210-3
HistoryOct 14, 2022 - 12:00 a.m.

[ASA-202210-3] linux-lts: multiple issues

2022-10-1400:00:00
security.archlinux.org
31
linux-lts
multiple issues
arbitrary code execution
information disclosure
denial of service
cve-2022-41674
cve-2022-42719
cve-2022-42720
cve-2022-42721
cve-2022-42722
kernel 5.15.73
remote attacker
wlan frames
mac80211 stack
buffer overflow
use-after-free
refcounting bugs
list management bug
p2p devices

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.01

Percentile

83.6%

Arch Linux Security Advisory ASA-202210-3

Severity: Critical
Date : 2022-10-14
CVE-ID : CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721
CVE-2022-42722
Package : linux-lts
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2802

Summary

The package linux-lts before version 5.15.73-3 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure and denial of service.

Resolution

Upgrade to 5.15.73-3.

pacman -Syu β€œlinux-lts>=5.15.73-3”

The problems have been fixed upstream in version 5.15.73.

Workaround

None.

Description

  • CVE-2022-41674 (information disclosure)

A buffer overflow flaw was found in the u8 overflow in
cfg80211_update_notlisted_nontrans() in net/wireless/scan.c in the
Linux kernel’s wifi subcomponent. This flaw allows a remote attacker to
inject WLAN frames to crash the system or leak internal kernel
information.

  • CVE-2022-42719 (arbitrary code execution)

A use-after-free in the mac80211 stack when parsing a multi-BSSID
element in the Linux kernel 5.2 through 5.19.14 could be used by remote
attackers who are able to inject WLAN frames to crash the kernel and
potentially execute code.

  • CVE-2022-42720 (arbitrary code execution)

Various refcounting bugs in the multi-BSS handling in the mac80211
stack in the Linux kernel 5.1 through 5.19.14 could be used by remote
attackers who are able to inject WLAN frames to trigger use-after-free
conditions to potentially execute code.

  • CVE-2022-42721 (arbitrary code execution)

A list management bug in BSS handling in the mac80211 stack in the
Linux kernel 5.1 through 5.19.14 could be used by remote attackers who
are able to inject WLAN frames to corrupt a linked list and, in turn,
potentially execute code.

  • CVE-2022-42722 (denial of service)

In the Linux kernel 5.8 through 5.19.14, remote attackers are able to
inject WLAN frames into the mac80211 stack could cause a NULL pointer
dereference denial-of-service attack against the beacon protection of
P2P devices.

Impact

A remote attacker is able to inject WLAN frames to crash the system or
execute arbitrary code on the affected host.

References

https://www.openwall.com/lists/oss-security/2022/10/13/2
https://lore.kernel.org/netdev/[email protected]/T/#u
https://www.openwall.com/lists/oss-security/2022/10/13/5
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d
https://bugzilla.suse.com/show_bug.cgi?id=1203770
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6
https://bugzilla.suse.com/show_bug.cgi?id=1204051
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f
https://bugzilla.suse.com/show_bug.cgi?id=1204059
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f
https://bugzilla.suse.com/show_bug.cgi?id=1204060
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b2d03cabe2b2e150ff5a381731ea0355459be09f
https://bugzilla.suse.com/show_bug.cgi?id=1204125
https://security.archlinux.org/CVE-2022-41674
https://security.archlinux.org/CVE-2022-42719
https://security.archlinux.org/CVE-2022-42720
https://security.archlinux.org/CVE-2022-42721
https://security.archlinux.org/CVE-2022-42722

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanylinux-lts<Β 5.15.73-3UNKNOWN

References

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.01

Percentile

83.6%