Subject: [ASA-202210-4] linux-zen: multiple issues Arch Linux Security Advisory ASA-202210-4 ========================================= Severity: Critical Date : 2022-10-14 CVE-ID : CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 Package : linux-zen Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-2803 Summary ======= The package linux-zen before version 6.0.1.zen2-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. Resolution ========== Upgrade to 6.0.1.zen2-1. # pacman -Syu "linux-zen>=6.0.1.zen2-1" The problems have been fixed upstream in version 6.0.1.zen2. Workaround ========== None. Description =========== - CVE-2022-41674 (information disclosure) A buffer overflow flaw was found in the u8 overflow in cfg80211_update_notlisted_nontrans() in net/wireless/scan.c in the Linux kernel’s wifi subcomponent. This flaw allows a remote attacker to inject WLAN frames to crash the system or leak internal kernel information. - CVE-2022-42719 (arbitrary code execution) A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by remote attackers who are able to inject WLAN frames to crash the kernel and potentially execute code. - CVE-2022-42720 (arbitrary code execution) Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by remote attackers who are able to inject WLAN frames to trigger use-after-free conditions to potentially execute code. - CVE-2022-42721 (arbitrary code execution) A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by remote attackers who are able to inject WLAN frames to corrupt a linked list and, in turn, potentially execute code. - CVE-2022-42722 (denial of service) In the Linux kernel 5.8 through 5.19.14, remote attackers are able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices. Impact ====== A remote attacker is able to inject WLAN frames to crash the system or execute arbitrary code on the affected host. References ========== https://www.openwall.com/lists/oss-security/2022/10/13/2 https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u https://www.openwall.com/lists/oss-security/2022/10/13/5 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d https://bugzilla.suse.com/show_bug.cgi?id=1203770 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6 https://bugzilla.suse.com/show_bug.cgi?id=1204051 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f https://bugzilla.suse.com/show_bug.cgi?id=1204059 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f https://bugzilla.suse.com/show_bug.cgi?id=1204060 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b2d03cabe2b2e150ff5a381731ea0355459be09f https://bugzilla.suse.com/show_bug.cgi?id=1204125 https://security.archlinux.org/CVE-2022-41674 https://security.archlinux.org/CVE-2022-42719 https://security.archlinux.org/CVE-2022-42720 https://security.archlinux.org/CVE-2022-42721 https://security.archlinux.org/CVE-2022-42722