CVE-2022-42720

Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.

From the Ubuntu Security Team

Sönke Huster discovered that the WiFi driver stack in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

• How can I get the fixes?
• What do statuses mean?
• Patch details

References

• MITRE
• NVD
• Launchpad
• Debian

Related Ubuntu Security Notices (USN)

• USN-5691-1
• Linux kernel vulnerabilities
• 19 October 2022
• USN-5692-1
• Linux kernel vulnerabilities
• 19 October 2022
• USN-5693-1
• Linux kernel (OEM) vulnerabilities
• 19 October 2022
• USN-5700-1
• Linux kernel vulnerabilities
• 26 October 2022
• USN-5708-1
• backport-iwlwifi-dkms vulnerabilities
• 1 November 2022
• LSN-0090-1
• Kernel Live Patch Security Notice
• 16 November 2022
• USN-5752-1
• Linux kernel (Azure CVM) vulnerabilities
• 30 November 2022

Other references

• https://access.redhat.com/security/cve/CVE-2022-42720
• http://www.openwall.com/lists/oss-security/2022/10/13/5
• https://bugzilla.suse.com/show_bug.cgi?id=1204059
• https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f
• https://www.cve.org/CVERecord?id=CVE-2022-42720