Buffer overflow in Linux kernel - CVE-2022-41674
Published: October 14, 2022
Vulnerability identifier: #VU68311
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2022-41674
CWE-ID: CWE-119
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing WLAN frames within the ieee80211_bss_info_update() function in net/mac80211/scan.c in Linux kernel. A remote attacker on the local network can send specially crafted WLAN frames to the affected system, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2022-41674
Install updates from vendor's website.
Sources
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/net/mac80211/scan.c
- https://www.openwall.com/lists/oss-security/2022/10/13/5
- https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d
- https://bugzilla.suse.com/show_bug.cgi?id=1203770
- http://www.openwall.com/lists/oss-security/2022/10/13/2