CVE-2022-42721

NameCVE-2022-42721
DescriptionA list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3173-1, DSA-5257-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)buster4.19.249-2fixed
buster (security)4.19.260-1fixed
bullseye5.10.140-1vulnerable
bullseye (security)5.10.149-2fixed
bookworm6.0.10-1fixed
sid6.0.10-2fixed
linux-5.10 (PTS)buster (security)5.10.149-2~deb10u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcebuster(not affected)
linuxsourcebullseye5.10.149-1DSA-5257-1
linuxsource(unstable)6.0.2-1
linux-5.10sourcebuster5.10.149-2~deb10u1DLA-3173-1

Notes

[buster] - linux <not-affected> (Vulnerable code not present)
https://www.openwall.com/lists/oss-security/2022/10/13/2
https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
https://github.com/PurpleVsGreen/beacown

Search for package or bug name: Reporting problems