ArchLinux: 202210-2: linux: multiple issues | LinuxSecurity.com
Arch Linux Security Advisory ASA-202210-2
=========================================

Severity: Critical
Date    : 2022-10-14
CVE-ID  : CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721
           CVE-2022-42722
Package : linux
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2801

Summary
=======

The package linux before version 6.0.1.arch2-1 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure and denial of service.

Resolution
==========

Upgrade to 6.0.1.arch2-1.

# pacman -Syu "linux>=6.0.1.arch2-1"

The problems have been fixed upstream in version 6.0.1.arch2.
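
An added check, not part of the original advisory: the script below compares the installed linux package and the running kernel against the fixed version, since an upgraded package only takes effect after a reboot. It assumes that the Arch kernel release string from uname -r (for example 6.0.1-arch2-1) maps to the package version by replacing "-arch" with ".arch"; the function names are illustrative.

```shell
#!/bin/sh
# Added example: verify that the fix from ASA-202210-2 is installed AND running.
FIXED="6.0.1.arch2-1"   # fixed package version named in this advisory

# Map a kernel release string (uname -r form) to package-version form.
# Assumption: Arch releases look like 6.0.1-arch2-1 for package 6.0.1.arch2-1.
to_pkgver() {
    printf '%s\n' "$1" | sed 's/-arch/.arch/'
}

# Return 0 if version $1 is at or above FIXED.
# Uses pacman's vercmp when available, otherwise GNU-style "sort -V".
is_fixed() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$FIXED")" -ge 0 ]
    else
        lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
        [ "$lowest" = "$FIXED" ]
    fi
}

# $1 = installed package version, $2 = running kernel release (uname -r).
kernel_status() {
    installed=$1
    running=$(to_pkgver "$2")
    if ! is_fixed "$installed"; then
        echo "vulnerable: upgrade linux to $FIXED or later"
    elif ! is_fixed "$running"; then
        echo "reboot-required: fixed package installed, old kernel still running"
    else
        echo "patched"
    fi
}

# On an Arch host with the linux package installed, report the live state.
if command -v pacman >/dev/null 2>&1 && pacman -Q linux >/dev/null 2>&1; then
    kernel_status "$(pacman -Q linux | awk '{print $2}')" "$(uname -r)"
fi
```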

Workaround
==========

None.

Description
===========

- CVE-2022-41674 (information disclosure)

A buffer overflow caused by a u8 overflow was found in
cfg80211_update_notlisted_nontrans() in net/wireless/scan.c, in the
Linux kernel's wifi subcomponent. This flaw allows a remote attacker
who can inject WLAN frames to crash the system or leak internal kernel
information.

- CVE-2022-42719 (arbitrary code execution)

A use-after-free in the mac80211 stack when parsing a multi-BSSID
element in the Linux kernel 5.2 through 5.19.14 could be used by remote
attackers who are able to inject WLAN frames to crash the kernel and
potentially execute code.

- CVE-2022-42720 (arbitrary code execution)

Various refcounting bugs in the multi-BSS handling in the mac80211
stack in the Linux kernel 5.1 through 5.19.14 could be used by remote
attackers who are able to inject WLAN frames to trigger use-after-free
conditions to potentially execute code.

- CVE-2022-42721 (arbitrary code execution)

A list management bug in BSS handling in the mac80211 stack in the
Linux kernel 5.1 through 5.19.14 could be used by remote attackers who
are able to inject WLAN frames to corrupt a linked list and, in turn,
potentially execute code.

- CVE-2022-42722 (denial of service)

In the Linux kernel 5.8 through 5.19.14, remote attackers who are able
to inject WLAN frames into the mac80211 stack could cause a NULL pointer
dereference denial-of-service attack against the beacon protection of
P2P devices.

Impact
======

A remote attacker is able to inject WLAN frames to crash the system or
execute arbitrary code on the affected host.

References
==========

https://www.openwall.com/lists/oss-security/2022/10/13/2
https://lore.kernel.org/netdev/[email protected]/T/#u
https://www.openwall.com/lists/oss-security/2022/10/13/5
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d
https://bugzilla.suse.com/show_bug.cgi?id=1203770
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6
https://bugzilla.suse.com/show_bug.cgi?id=1204051
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f
https://bugzilla.suse.com/show_bug.cgi?id=1204059
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f
https://bugzilla.suse.com/show_bug.cgi?id=1204060
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b2d03cabe2b2e150ff5a381731ea0355459be09f
https://bugzilla.suse.com/show_bug.cgi?id=1204125
https://security.archlinux.org/CVE-2022-41674
https://security.archlinux.org/CVE-2022-42719
https://security.archlinux.org/CVE-2022-42720
https://security.archlinux.org/CVE-2022-42721
https://security.archlinux.org/CVE-2022-42722
