Multiple vulnerabilities in Linux kernel WILC1000 wireless driver



Published: 2023-01-03
Risk: Low
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2022-47521, CVE-2022-47520, CVE-2022-47519, CVE-2022-47518
CWE-ID: CWE-787, CWE-125
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)

Vendor

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU70628

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47521

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within IEEE80211_P2P_ATTR_CHANNEL_LIST in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver. A local user can trigger a heap-based buffer overflow when parsing the operating channel attribute from Wi-Fi management frames and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Linux kernel: before 6.0.11

External links

http://github.com/torvalds/linux/commit/f9b62f9843c7b0afdaecabbcebf1dbba18599408
http://lore.kernel.org/r/20221123153543.8568-4-philipturnbull@github.com
http://lists.debian.org/debian-lts-announce/2022/12/msg00031.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU70627

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47520

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver. A local user can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Linux kernel: before 6.0.11

External links

http://github.com/torvalds/linux/commit/cd21d99e595ec1d8721e1058dcdd4f1f7de1d793
http://lore.kernel.org/r/20221123153543.8568-2-philipturnbull@github.com
http://lists.debian.org/debian-lts-announce/2022/12/msg00031.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU70626

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47519

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver. A local user can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames and execute arbitrary code with elevated privileges.
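
The two attribute-parsing issues above (IEEE80211_P2P_ATTR_CHANNEL_LIST and IEEE80211_P2P_ATTR_OPER_CHANNEL) both come down to trusting length fields carried in the frame. The following is an added illustration of the bounds checks such a parser needs; it is not the driver's code or the upstream patch. Function names and sample bytes are hypothetical, and the attribute layout (1-byte ID, 2-byte little-endian length, 3-byte country string, then class/count/channel entries) is assumed from the Wi-Fi P2P attribute format.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed wire layout: 1-byte attribute ID, 2-byte little-endian length, then body. */
enum { P2P_ATTR_CHANNEL_LIST = 11, P2P_ATTR_OPER_CHANNEL = 17, HDR = 3, COUNTRY = 3 };

/* Hypothetical helper: body of attribute `id`, or NULL if absent or overrunning buf. */
static const uint8_t *p2p_find_attr(const uint8_t *buf, size_t len, uint8_t id, size_t *n)
{
    size_t off = 0;
    while (len - off >= HDR) {
        size_t alen = (size_t)buf[off + 1] | ((size_t)buf[off + 2] << 8);
        if (alen > len - off - HDR)
            return NULL;               /* declared length exceeds the bytes received */
        if (buf[off] == id) {
            *n = alen;
            return buf + off + HDR;
        }
        off += HDR + alen;
    }
    return NULL;
}

/* Operating channel, or -1 if the body is shorter than country[3] + class + channel. */
int p2p_oper_channel(const uint8_t *buf, size_t len)
{
    size_t n = 0;
    const uint8_t *b = p2p_find_attr(buf, len, P2P_ATTR_OPER_CHANNEL, &n);
    return (b && n >= COUNTRY + 2) ? b[COUNTRY + 1] : -1;
}

/* Sum of channels over (class, count, channels[count]) entries, or -1 if malformed. */
int p2p_channel_count(const uint8_t *buf, size_t len)
{
    size_t n = 0, i = COUNTRY;
    int total = 0;
    const uint8_t *b = p2p_find_attr(buf, len, P2P_ATTR_CHANNEL_LIST, &n);
    if (!b || n < COUNTRY) return -1;
    for (; i < n; i += 2 + (size_t)b[i + 1]) {
        if (n - i < 2 || b[i + 1] > n - i - 2)
            return -1;                 /* entry header or channels overrun the attribute */
        total += b[i + 1];
    }
    return total;
}

/* Constructed samples: valid (channels 1/6/11, operating 6); entry claiming 9 channels. */
static const uint8_t sample_ok[] = {11, 8, 0, 'U', 'S', 4, 81, 3, 1, 6, 11, 17, 5, 0, 'U', 'S', 4, 81, 6};
static const uint8_t sample_bad[] = {11, 6, 0, 'U', 'S', 4, 81, 9, 1};
```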

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Linux kernel: before 6.0.11

External links

http://lore.kernel.org/r/20221123153543.8568-3-philipturnbull@github.com
http://github.com/torvalds/linux/commit/051ae669e4505abbe05165bebf6be7922de11f41
http://lists.debian.org/debian-lts-announce/2022/12/msg00031.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

EUVDB-ID: #VU70625

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47518

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing a number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver. A local user can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Linux kernel: before 6.0.11

External links

http://lore.kernel.org/r/20221123153543.8568-5-philipturnbull@github.com
http://github.com/torvalds/linux/commit/0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0
http://lists.debian.org/debian-lts-announce/2022/12/msg00031.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


