2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2022-42719" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2022-10-13T23:15:11.597" ,
2023-11-07 21:03:21 +00:00
"lastModified" : "2023-11-07T03:53:24.857" ,
2023-04-24 12:24:31 +02:00
"vulnStatus" : "Modified" ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code."
} ,
{
"lang" : "es" ,
"value" : "Un uso de memoria previamente liberada en la pila mac80211 cuando ea analizado un elemento multi-BSSID en el kernel de Linux versiones 5.2 hasta 5.19.14, podr\u00eda ser usado por atacantes (capaces de inyectar tramas WLAN) para bloquear el kernel y potencialmente ejecutar c\u00f3digo"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
"attackVector" : "ADJACENT_NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 8.8 ,
"baseSeverity" : "HIGH"
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-416"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.2" ,
"versionEndExcluding" : "5.4.219" ,
"matchCriteriaId" : "123CF347-5C50-470C-9502-55A37F29B8FE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.5" ,
"versionEndExcluding" : "5.10.149" ,
"matchCriteriaId" : "DBDEE63F-4CF2-4F04-8E50-6CEF0E4BCF78"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.11" ,
"versionEndExcluding" : "5.15.74" ,
"matchCriteriaId" : "381A1822-66FA-4BF1-BCA9-7AF2DFCFFBE4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "5.16" ,
"versionEndExcluding" : "5.19.16" ,
"matchCriteriaId" : "950EB0FE-7220-47B0-A80D-CEFD803A69C2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "6.0" ,
"versionEndExcluding" : "6.0.2" ,
"matchCriteriaId" : "B0624AD1-5A88-463E-96D1-F938FCBA6EEA"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://packetstormsecurity.com/files/171005/Kernel-Live-Patch-Security-Notice-LNS-0091-1.html" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2022/10/13/2" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2022/10/13/5" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Exploit" ,
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1204051" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Issue Tracking" ,
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Patch" ,
"Vendor Advisory"
]
} ,
{
"url" : "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
2023-11-07 21:03:21 +00:00
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/" ,
"source" : "cve@mitre.org"
2023-04-24 12:24:31 +02:00
} ,
{
2023-11-07 21:03:21 +00:00
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/" ,
"source" : "cve@mitre.org"
2023-04-24 12:24:31 +02:00
} ,
{
2023-11-07 21:03:21 +00:00
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/" ,
"source" : "cve@mitre.org"
2023-04-24 12:24:31 +02:00
} ,
{
"url" : "https://security.netapp.com/advisory/ntap-20230203-0008/" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://www.debian.org/security/2022/dsa-5257" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory"
]
}
]
}
