Home > Vulnerability Database > CVE-2022-42721

Mend.io Vulnerability Database

CVE-2022-42721

Date: October 12, 2022

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.

Language: C

Severity Score

5.5

Related Resources (17)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/

Url: http://www.openwall.com/lists/oss-security/2022/10/13/5

Url: http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/

Url: https://security.netapp.com/advisory/ntap-20230203-0008/

Url: https://access.redhat.com/security/cve/CVE-2022-42721

Url: https://security-tracker.debian.org/tracker/CVE-2022-42721

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-42721

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/

Url: https://bugzilla.suse.com/show_bug.cgi?id=1204060

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/

Url: https://www.debian.org/security/2022/dsa-5257

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/

Url: https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f

Url: https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html

Url: https://www.mend.io/vulnerability-database/CVE-2022-42721

Severity Score

5.5

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-42721

Date: October 12, 2022

Language: C

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?