CVE-2022-42719 - Use After Free

Severity

88%

Complexity

27%

Confidentiality

98%

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

CVSS 3.1 Base Score 8.8. CVSS Attack Vector: adjacent_network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Demo Examples

Use After Free

CWE-416

The following example demonstrates the weakness.


               
}
free(buf3R2);

Use After Free

CWE-416

The following code illustrates a use after free error:


               
}
free(ptr);
logError("operation aborted before commit", ptr);

When an error occurs, the pointer is immediately freed. However, this pointer is later incorrectly used in the logError function.

Overview

First reported 2 years ago

2022-10-13 23:15:00

Last updated 2 years ago

2022-11-04 19:18:00

Affected Software

Linux Kernel

References

https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6

https://bugzilla.suse.com/show_bug.cgi?id=1204051

http://www.openwall.com/lists/oss-security/2022/10/13/5

http://www.openwall.com/lists/oss-security/2022/10/13/2

FEDORA-2022-2cfbe17910

FEDORA-2022-b948fc3cfb

FEDORA-2022-1a5b125ac6

https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6

Mailing List, Patch, Vendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1204051

Issue Tracking, Patch, Third Party Advisory

http://www.openwall.com/lists/oss-security/2022/10/13/5

Exploit, Mailing List, Third Party Advisory

http://www.openwall.com/lists/oss-security/2022/10/13/2

Mailing List, Patch, Third Party Advisory

FEDORA-2022-2cfbe17910

Mailing List, Third Party Advisory

FEDORA-2022-b948fc3cfb

Mailing List, Third Party Advisory

FEDORA-2022-1a5b125ac6

Mailing List, Third Party Advisory

DSA-5257

DSA-5257

Third Party Advisory

[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update

[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update

Mailing List, Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.