CVE-2022-42719 - log back

CVE-2022-42719 edited at 14 Oct 2022 22:41:18
References
https://www.openwall.com/lists/oss-security/2022/10/13/2
https://www.openwall.com/lists/oss-security/2022/10/13/5
https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
- https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6
https://bugzilla.suse.com/show_bug.cgi?id=1204051
CVE-2022-42719 edited at 14 Oct 2022 22:35:04
Notes
+ introduced in v5.2-rc1
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5023b14cf4df4d22e1a80738167f3438c9e62e5f
CVE-2022-42719 edited at 14 Oct 2022 18:41:33
Description
- A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.
+ A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by remote attackers who are able to inject WLAN frames to crash the kernel and potentially execute code.
CVE-2022-42719 edited at 14 Oct 2022 18:29:46
References
+ https://www.openwall.com/lists/oss-security/2022/10/13/2
+ https://www.openwall.com/lists/oss-security/2022/10/13/5
+ https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6
https://bugzilla.suse.com/show_bug.cgi?id=1204051
CVE-2022-42719 edited at 14 Oct 2022 18:28:45
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6
+ https://bugzilla.suse.com/show_bug.cgi?id=1204051
Notes
CVE-2022-42719 created at 14 Oct 2022 18:21:23