CVE-2022-49023

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: fix buffer overflow in elem comparison

For vendor elements, the code here assumes that 5 octets are present without checking. Since the element itself is already checked to fit, we only need to check the length.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux0b8fb8235be8be99a197e8d948fc0a2df8dc261a < f5c2ec288a865dbe3706b09bed12302e9f6d696baffected
LinuxLinux0b8fb8235be8be99a197e8d948fc0a2df8dc261a < 9e6b79a3cd17620d467311b30d56f2648f6880aaaffected
LinuxLinux0b8fb8235be8be99a197e8d948fc0a2df8dc261a < 88a6fe3707888bd1893e9741157a7035c4159ab6affected
LinuxLinux0b8fb8235be8be99a197e8d948fc0a2df8dc261a < 391cb872553627bdcf236c03ee7d5adb275e37e1affected
LinuxLinux0b8fb8235be8be99a197e8d948fc0a2df8dc261a < 9f16b5c82a025cd4c864737409234ddc44fb166aaffected
LinuxLinux5.1affected
LinuxLinux0 < 5.1unaffected
LinuxLinux5.4.226 <= 5.4.*unaffected
LinuxLinux5.10.158 <= 5.10.*unaffected
LinuxLinux5.15.82 <= 5.15.*unaffected
LinuxLinux6.0.12 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References