CVE-2022-47519 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-47519

CVE-2022-47519

December 18, 2022

An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.

Related Resources (6)

https://security.netapp.com/advisory/ntap-20230113-0007/

https://security-tracker.debian.org/tracker/CVE-2022-47519

https://lore.kernel.org/r/20221123153543.8568-3-philipturnbull@github.com

https://lore.kernel.org/r/20221123153543.8568-3-philipturnbull%40github.com

https://github.com/torvalds/linux/commit/051ae669e4505abbe05165bebf6be7922de11f41

https://lists.debian.org/debian-lts-announce/2022/12/msg00031.html

Do you need more information?

CVSS v4

Base Score:

8.5

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

EPSS

Base Score:

0.03

Products

Solutions

Resources

Company

Compare

Developer Tools