Lucene search

[email protected]CVE-2022-47519

HistoryDec 18, 2022 - 6:15 a.m.

CVE-2022-47519

2022-12-1806:15:00

CWE-787

[email protected]

web.nvd.nist.gov

linux

kernel

cve-2022-47519

security

wireless

wilc1000

out-of-bounds

validation

ieee80211

p2p

wi-fi

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

14.2%

JSON

An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt5.15.81
linux:linux_kernellinux linux kernellt6.0.11
linux:linux_kernellinux linux kernellt5.10.157
debian:debian_linuxdebian debian linuxeq10.0
netapp:h410c_firmwarenetapp h410c firmwareeq-
netapp:h300s_firmwarenetapp h300s firmwareeq-
netapp:h500s_firmwarenetapp h500s firmwareeq-
netapp:h700s_firmwarenetapp h700s firmwareeq-
netapp:h410s_firmwarenetapp h410s firmwareeq-

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	5.15.81
linux:linux_kernel	linux linux kernel	lt	6.0.11
linux:linux_kernel	linux linux kernel	lt	5.10.157
debian:debian_linux	debian debian linux	eq	10.0
netapp:h410c_firmware	netapp h410c firmware	eq	-
netapp:h300s_firmware	netapp h300s firmware	eq	-
netapp:h500s_firmware	netapp h500s firmware	eq	-
netapp:h700s_firmware	netapp h700s firmware	eq	-
netapp:h410s_firmware	netapp h410s firmware	eq	-