CVE-2022-42720 log

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.14 could be used by remote attackers who are able to inject WLAN frames to trigger use-after-free conditions to potentially execute code.
Group Package Affected Fixed Severity Status Ticket
AVG-2803 linux-zen 5.1-1 6.0.1.zen2-1 Critical Fixed
AVG-2802 linux-lts 5.1-1 5.15.73-3 Critical Fixed
AVG-2801 linux 5.1-1 6.0.1.arch2-1 Critical Fixed
AVG-2800 linux-hardened 5.1-1 5.19.15.hardened2-1 Critical Fixed
Date Advisory Group Package Severity Type
14 Oct 2022 ASA-202210-4 AVG-2803 linux-zen Critical multiple issues
14 Oct 2022 ASA-202210-3 AVG-2802 linux-lts Critical multiple issues
14 Oct 2022 ASA-202210-2 AVG-2801 linux Critical multiple issues
14 Oct 2022 ASA-202210-1 AVG-2800 linux-hardened Critical multiple issues
References
https://www.openwall.com/lists/oss-security/2022/10/13/2
https://www.openwall.com/lists/oss-security/2022/10/13/5
https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f
https://bugzilla.suse.com/show_bug.cgi?id=1204059
Notes
introduced in v5.1-rc1
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3584f56de1c808d4383a275b4a74467b19e5645