The Linux kernel WiFi stack has five serious flaws, according to research, which a hacker might use to execute arbitrary code or inflict a denial of service.
The vulnerability, identified as CVE-2022–42719, was brought on by a use-after-free issue in the multi-BSSID element’s ieee802 11 parse elems full function of net/mac80211/util.c. A remote authenticated adversary might leverage this issue to execute arbitrary code or bring down the system by sending a carefully crafted request. In v5.2-rc1, the CVE-2022–42719 vulnerability was first made public.
The vulnerability, identified as CVE-2022–42720, was produced about by a use-after-free issue in the multi-BSSID part of the bss ref get function in net/wireless/scan.c. A remote authenticated adversary might leverage this issue to execute arbitrary code or bring down the system by sending a carefully crafted request.
Comments are closed.