Lucene search

K
osvGoogleOSV:ASB-A-253642088
HistoryJan 01, 2023 - 12:00 a.m.

: wifi: cfg80211: avoid nontransmitted BSS list corruption

2023-01-0100:00:00
Google
osv.dev
23
corruption vulnerability
wifi
cfg80211
software
remote code execution

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0

Percentile

5.1%

In cfg80211_add_nontrans_list of scan.c, there is a possible way to corrupt a list due to a logic error in the code. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

References

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0

Percentile

5.1%