CVE-2022-42721

MEDIUM

Linux Kernel 5.1-5.19.x - Remote Code Execution via BSS Handling in mac80211 Stack

Title source: llm
STIX 2.1

Description

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.

References (10)

Core 10
Core References
Exploit, Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/10/13/5
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1204060
Third Party Advisory vendor-advisory
https://www.debian.org/security/2022/dsa-5257
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html

Scores

CVSS v3 5.5
EPSS 0.0057
EPSS Percentile 42.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-835
Status published
Products (6)
debian/debian_linux 10.0
debian/debian_linux 11.0
fedoraproject/fedora 35
fedoraproject/fedora 36
fedoraproject/fedora 37
linux/linux_kernel 5.1 - 5.19.16
Published Oct 14, 2022
Tracked Since Feb 18, 2026