CVE-2022-41674

An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html	Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2022/10/13/2	Mailing List Patch Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1203770	Issue Tracking Patch Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/net/mac80211/scan.c	Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d	Mailing List Patch Vendor Advisory
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/
https://www.debian.org/security/2022/dsa-5257	Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/10/13/5	Exploit Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:35:::::::*
	cpe:2.3:o:fedoraproject:fedora:36:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

History

07 Nov 2023, 03:52

Type	Values Removed	Values Added
References	{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/', 'name': 'FEDORA-2022-1a5b125ac6', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/', 'name': 'FEDORA-2022-b948fc3cfb', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/', 'name': 'FEDORA-2022-2cfbe17910', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/ -

31 Jan 2023, 18:10

Type	Values Removed	Values Added
References	~~(MISC) http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html -~~	(MISC) http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html - Third Party Advisory, VDB Entry

21 Nov 2022, 18:15

Type	Values Removed	Values Added
References		(MISC) http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html -

04 Nov 2022, 19:15

Type	Values Removed	Values Added
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html - Mailing List, Third Party Advisory
CPE		cpe:2.3:o:debian:debian_linux:10.0:::::::*

01 Nov 2022, 23:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html -

28 Oct 2022, 20:10

Type	Values Removed	Values Added
CPE		cpe:2.3:o:debian:debian_linux:11.0:::::::*
References	~~(DEBIAN) https://www.debian.org/security/2022/dsa-5257 -~~	(DEBIAN) https://www.debian.org/security/2022/dsa-5257 - Third Party Advisory
First Time		Debian debian Linux Debian

19 Oct 2022, 09:15

Type	Values Removed	Values Added
References		(DEBIAN) https://www.debian.org/security/2022/dsa-5257 -

18 Oct 2022, 14:11

Type	Values Removed	Values Added
CPE		cpe:2.3:o:fedoraproject:fedora:36:::::::* cpe:2.3:o:fedoraproject:fedora:35:::::::* cpe:2.3:o:fedoraproject:fedora:37:::::::* cpe:2.3:o:linux:linux_kernel::::::::
References	~~(MISC) https://www.openwall.com/lists/oss-security/2022/10/13/5 -~~	(MISC) https://www.openwall.com/lists/oss-security/2022/10/13/5 - Exploit, Mailing List, Third Party Advisory
References	~~(MISC) https://bugzilla.suse.com/show_bug.cgi?id=1203770 -~~	(MISC) https://bugzilla.suse.com/show_bug.cgi?id=1203770 - Issue Tracking, Patch, Third Party Advisory
References	~~(MISC) http://www.openwall.com/lists/oss-security/2022/10/13/2 -~~	(MISC) http://www.openwall.com/lists/oss-security/2022/10/13/2 - Mailing List, Patch, Third Party Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/ - Mailing List, Third Party Advisory
References	~~(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d -~~	(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d - Mailing List, Patch, Vendor Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/ - Mailing List, Third Party Advisory
References	~~(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/net/mac80211/scan.c -~~	(MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/net/mac80211/scan.c - Vendor Advisory
References	~~(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/ -~~	(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/ - Mailing List, Third Party Advisory
First Time		Fedoraproject Linux Fedoraproject fedora Linux linux Kernel
CWE		CWE-787
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1

18 Oct 2022, 01:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/ -

15 Oct 2022, 23:15

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/ -

15 Oct 2022, 16:15

Type	Values Removed	Values Added
Summary	~~An issue was discovered in the Linux kernel through 5.19.11. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.~~	An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.

14 Oct 2022, 15:16

Type	Values Removed	Values Added
References		(FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/ -

14 Oct 2022, 00:31

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-10-14 00:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-41674

Mitre link : CVE-2022-41674

CVE.ORG link : CVE-2022-41674

JSON object : View

Products Affected

linux

linux_kernel

debian

debian_linux

fedoraproject

fedora

CWE

CWE-787

Out-of-bounds Write

8.1 /10