Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-49022

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/10/2024
Last modified:
24/10/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration<br /> <br /> Fix possible out-of-bound access in ieee80211_get_rate_duration routine<br /> as reported by the following UBSAN report:<br /> <br /> UBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47<br /> index 15 is out of range for type &amp;#39;u16 [12]&amp;#39;<br /> CPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic<br /> Hardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017<br /> Workqueue: mt76 mt76u_tx_status_data [mt76_usb]<br /> Call Trace:<br /> <br /> show_stack+0x4e/0x61<br /> dump_stack_lvl+0x4a/0x6f<br /> dump_stack+0x10/0x18<br /> ubsan_epilogue+0x9/0x43<br /> __ubsan_handle_out_of_bounds.cold+0x42/0x47<br /> ieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211]<br /> ? ieee80211_tx_status_ext+0x32e/0x640 [mac80211]<br /> ieee80211_calc_rx_airtime+0xda/0x120 [mac80211]<br /> ieee80211_calc_tx_airtime+0xb4/0x100 [mac80211]<br /> mt76x02_send_tx_status+0x266/0x480 [mt76x02_lib]<br /> mt76x02_tx_status_data+0x52/0x80 [mt76x02_lib]<br /> mt76u_tx_status_data+0x67/0xd0 [mt76_usb]<br /> process_one_work+0x225/0x400<br /> worker_thread+0x50/0x3e0<br /> ? process_one_work+0x400/0x400<br /> kthread+0xe9/0x110<br /> ? kthread_complete_and_exit+0x20/0x20<br /> ret_from_fork+0x22/0x30

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.80 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x
7.80
Severity 3.x
HIGH

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.158 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.82 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.16 (including) 6.0.12 (excluding)
cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1:rc7:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools