Arch Linux Security Advisory ASA-202210-4
=========================================

Severity: Critical
Date    : 2022-10-14
CVE-ID  : CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721
          CVE-2022-42722
Package : linux-zen
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2803

Summary
=======

The package linux-zen before version 6.0.1.zen2-1 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure and denial of service.

Resolution
==========

Upgrade to 6.0.1.zen2-1.

# pacman -Syu "linux-zen>=6.0.1.zen2-1"

The problems have been fixed upstream in version 6.0.1.zen2.

Workaround
==========

None.

Description
===========

- CVE-2022-41674 (information disclosure)

A buffer overflow flaw caused by a u8 overflow was found in
cfg80211_update_notlisted_nontrans() in net/wireless/scan.c in the
Linux kernel’s wifi subcomponent. This flaw allows a remote attacker to
inject WLAN frames to crash the system or leak internal kernel
information.

- CVE-2022-42719 (arbitrary code execution)

A use-after-free in the mac80211 stack when parsing a multi-BSSID
element in the Linux kernel 5.2 through 5.19.14 could be used by remote
attackers who are able to inject WLAN frames to crash the kernel and
potentially execute code.

- CVE-2022-42720 (arbitrary code execution)

Various refcounting bugs in the multi-BSS handling in the mac80211
stack in the Linux kernel 5.1 through 5.19.14 could be used by remote
attackers who are able to inject WLAN frames to trigger use-after-free
conditions to potentially execute code.

- CVE-2022-42721 (arbitrary code execution)

A list management bug in BSS handling in the mac80211 stack in the
Linux kernel 5.1 through 5.19.14 could be used by remote attackers who
are able to inject WLAN frames to corrupt a linked list and, in turn,
potentially execute code.

- CVE-2022-42722 (denial of service)

In the Linux kernel 5.8 through 5.19.14, remote attackers who are able
to inject WLAN frames into the mac80211 stack could cause a NULL
pointer dereference denial-of-service attack against the beacon
protection of P2P devices.

Impact
======

A remote attacker is able to inject WLAN frames to crash the system or
execute arbitrary code on the affected host.

References
==========

https://www.openwall.com/lists/oss-security/2022/10/13/2
https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions....
https://www.openwall.com/lists/oss-security/2022/10/13/5
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
https://bugzilla.suse.com/show_bug.cgi?id=1203770
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
https://bugzilla.suse.com/show_bug.cgi?id=1204051
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
https://bugzilla.suse.com/show_bug.cgi?id=1204059
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
https://bugzilla.suse.com/show_bug.cgi?id=1204060
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
https://bugzilla.suse.com/show_bug.cgi?id=1204125
https://security.archlinux.org/CVE-2022-41674
https://security.archlinux.org/CVE-2022-42719
https://security.archlinux.org/CVE-2022-42720
https://security.archlinux.org/CVE-2022-42721
https://security.archlinux.org/CVE-2022-42722
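
Added example (not part of the original advisory): a host check for the
Resolution above, which reports whether linux-zen is older than the fixed
version and whether the fixed kernel is actually the one booted. The function
names and status strings are hypothetical, and the reboot test assumes that a
kernel package upgrade removes the previous /usr/lib/modules/<release> tree.

```shell
#!/usr/bin/env bash
# Added example: exposure check for ASA-202210-4 on a single Arch host.
FIXED="6.0.1.zen2-1"   # fixed linux-zen version, taken from the advisory

# ver_lt A B: succeeds when version A is older than version B.
# Uses pacman's vercmp when available; sort -V is an approximation
# used only where pacman is absent.
ver_lt() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$1" != "$2" ] &&
            [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# status_for INSTALLED RUNNING MODDIR_PRESENT
#   INSTALLED       linux-zen package version, empty if not installed
#   RUNNING         output of `uname -r`
#   MODDIR_PRESENT  yes/no: does /usr/lib/modules/$RUNNING exist?
status_for() {
    local installed=$1 running=$2 moddir=$3
    if [ -z "$installed" ]; then echo not-installed; return; fi
    if ver_lt "$installed" "$FIXED"; then echo vulnerable; return; fi
    case $running in
        *-zen) ;;                                  # a linux-zen build is booted
        *) echo other-kernel-running; return ;;    # covered by other advisories
    esac
    # Assumption: upgrading the package removed the old module tree, so a
    # missing tree means the booted kernel predates the installed package.
    if [ "$moddir" = yes ]; then echo patched; else echo reboot-required; fi
}

check_host() {
    local installed running moddir=no
    installed=$(pacman -Q linux-zen 2>/dev/null | awk '{print $2}')
    running=$(uname -r)
    if [ -d "/usr/lib/modules/$running" ]; then moddir=yes; fi
    status_for "$installed" "$running" "$moddir"
}

check_host
```

A result of reboot-required means the package is fixed on disk but the kernel
in memory is still the old build, so the host remains exposed until it restarts.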