CVE-2022-42719

HIGH

Linux Kernel 5.2-5.19.x - Use-After-Free in mac80211 Multi-BSSID Element Parser

Description

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

Scores

CVSS v3 8.8
EPSS 0.0063
EPSS Percentile 70.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (6)
debian/debian_linux 10.0
debian/debian_linux 11.0
fedoraproject/fedora 35
fedoraproject/fedora 36
fedoraproject/fedora 37
linux/linux_kernel 5.2 - 5.4.219
Published Oct 13, 2022
Tracked Since Feb 18, 2026