CVE-2022-23088
CRITICALFreeBSD < 12.3 - Remote Code Execution via Malicious 802.11 Beacon Frame
Title source: llmDescription
The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code execution.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://security.freebsd.org/advisories/FreeBSD-SA-22:07.wifi_meshid.asc
Scores
CVSS v3
9.8
EPSS
0.0333
EPSS Percentile
87.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (4)
freebsd/freebsd
12.3 p1 (4 CPE variants)
freebsd/freebsd
13.0 beta1 (21 CPE variants)
freebsd/freebsd
13.1 b1-p1 (2 CPE variants)
freebsd/freebsd
< 12.3
Published
Feb 15, 2024
Tracked Since
Feb 18, 2026