---

CVE-2022-41674 - log back

CVE-2022-41674 edited at 14 Oct 2022 22:41:09

References

https://www.openwall.com/lists/oss-security/2022/10/13/2 https://www.openwall.com/lists/oss-security/2022/10/13/5 https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u - https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d https://bugzilla.suse.com/show_bug.cgi?id=1203770

CVE-2022-41674 edited at 14 Oct 2022 22:34:32
Notes	introduced in v5.1-rc1 + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b8fb8235be8be99a197e8d948fc0a2df8dc261a

CVE-2022-41674 edited at 14 Oct 2022 22:33:40
Notes	+ introduced in v5.1-rc1

CVE-2022-41674 edited at 14 Oct 2022 18:41:02

Description

- A buffer overflow flaw was found in the u8 overflow in cfg80211_update_notlisted_nontrans() in net/wireless/scan.c in the Linux kernel’s wifi subcomponent. This flaw allows an attacker to inject WLAN frames to crash the system or leak internal kernel information. + A buffer overflow flaw was found in the u8 overflow in cfg80211_update_notlisted_nontrans() in net/wireless/scan.c in the Linux kernel’s wifi subcomponent. This flaw allows a remote attacker to inject WLAN frames to crash the system or leak internal kernel information.

CVE-2022-41674 edited at 14 Oct 2022 18:33:42
Severity	- Critical + High
Type	- Arbitrary code execution + Information disclosure

CVE-2022-41674 edited at 14 Oct 2022 18:33:22

Description

- An issue was discovered in the Linux kernel through 5.19.11. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. + A buffer overflow flaw was found in the u8 overflow in cfg80211_update_notlisted_nontrans() in net/wireless/scan.c in the Linux kernel’s wifi subcomponent. This flaw allows an attacker to inject WLAN frames to crash the system or leak internal kernel information.

CVE-2022-41674 edited at 14 Oct 2022 18:31:25
References	+ https://www.openwall.com/lists/oss-security/2022/10/13/2 + https://www.openwall.com/lists/oss-security/2022/10/13/5 + https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d https://bugzilla.suse.com/show_bug.cgi?id=1203770

CVE-2022-41674 edited at 14 Oct 2022 18:31:03
Severity	- Unknown + Critical
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary code execution
Description	+ An issue was discovered in the Linux kernel through 5.19.11. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.
References	+ https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d + https://bugzilla.suse.com/show_bug.cgi?id=1203770
Notes

CVE-2022-41674 created at 14 Oct 2022 18:21:23