Description
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Exploits (2)
nomisec
SCANNER
by ov3rwatch · poc
https://github.com/ov3rwatch/Detection-and-Mitigation-for-CVE-2022-1679
nomisec
SCANNER
by EkamSinghWalia · poc
https://github.com/EkamSinghWalia/-Detection-and-Mitigation-for-CVE-2022-1679
References (4)
Core 4
Core References
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
Patch, Third Party Advisory
https://lore.kernel.org/lkml/87ilqc7jv9.fsf%40kernel.org/t/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220629-0007/
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
13.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (10)
debian/debian_linux
10.0
linux/linux_kernel
2.6.35 - 4.14.291
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500e_firmware
netapp/h500s_firmware
netapp/h700e_firmware
netapp/h700s_firmware
Published
May 16, 2022
Tracked Since
Feb 18, 2026