CVE-2022-42719 log

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by remote attackers who are able to inject WLAN frames to crash the kernel and potentially execute code.
Group Package Affected Fixed Severity Status Ticket
AVG-2803 linux-zen 5.1-1 6.0.1.zen2-1 Critical Fixed
AVG-2802 linux-lts 5.1-1 5.15.73-3 Critical Fixed
AVG-2801 linux 5.1-1 6.0.1.arch2-1 Critical Fixed
AVG-2800 linux-hardened 5.1-1 5.19.15.hardened2-1 Critical Fixed
Date Advisory Group Package Severity Type
14 Oct 2022 ASA-202210-4 AVG-2803 linux-zen Critical multiple issues
14 Oct 2022 ASA-202210-3 AVG-2802 linux-lts Critical multiple issues
14 Oct 2022 ASA-202210-2 AVG-2801 linux Critical multiple issues
14 Oct 2022 ASA-202210-1 AVG-2800 linux-hardened Critical multiple issues
References
https://www.openwall.com/lists/oss-security/2022/10/13/2
https://www.openwall.com/lists/oss-security/2022/10/13/5
https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6
https://bugzilla.suse.com/show_bug.cgi?id=1204051
Notes
introduced in v5.2-rc1
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5023b14cf4df4d22e1a80738167f3438c9e62e5f