CVE-2022-47519

NameCVE-2022-47519
DescriptionAn issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3244-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.249-2vulnerable
buster (security)4.19.304-1vulnerable
bullseye5.10.209-2fixed
bullseye (security)5.10.216-1fixed
bookworm6.1.76-1fixed
bookworm (security)6.1.90-1fixed
sid, trixie6.7.12-1fixed
linux-5.10 (PTS)buster (security)5.10.216-1~deb10u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcebullseye5.10.158-1
linuxsource(unstable)6.0.12-1
linux-5.10sourcebuster5.10.158-2~deb10u1DLA-3244-1

Notes

https://git.kernel.org/linus/051ae669e4505abbe05165bebf6be7922de11f41
Search for package or bug name: Reporting problems