[manjaro-security] [ASA-202210-2] linux: multiple issues

[Levente Polyak]

Arch Linux Security Advisory ASA-202210-2
=========================================

Severity: Critical
Date    : 2022-10-14
CVE-ID  : CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721
           CVE-2022-42722
Package : linux
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2801

Summary
=======

The package linux before version 6.0.1.arch2-1 is vulnerable to
multiple issues including arbitrary code execution, information
disclosure and denial of service.

Resolution
==========

Upgrade to 6.0.1.arch2-1.

# pacman -Syu "linux>=6.0.1.arch2-1"

The problems have been fixed upstream in version 6.0.1.arch2.

Workaround
==========

None.

Description
===========

- CVE-2022-41674 (information disclosure)

A buffer overflow flaw was found in the u8 overflow in
cfg80211_update_notlisted_nontrans() in net/wireless/scan.c in the
Linux kernel’s wifi subcomponent. This flaw allows a remote attacker to
inject WLAN frames to crash the system or leak internal kernel
information.

- CVE-2022-42719 (arbitrary code execution)

A use-after-free in the mac80211 stack when parsing a multi-BSSID
element in the Linux kernel 5.2 through 5.19.14 could be used by remote
attackers who are able to inject WLAN frames to crash the kernel and
potentially execute code.

- CVE-2022-42720 (arbitrary code execution)

Various refcounting bugs in the multi-BSS handling in the mac80211
stack in the Linux kernel 5.1 through 5.19.14 could be used by remote
attackers who are able to inject WLAN frames to trigger use-after-free
conditions to potentially execute code.

- CVE-2022-42721 (arbitrary code execution)

A list management bug in BSS handling in the mac80211 stack in the
Linux kernel 5.1 through 5.19.14 could be used by remote attackers who
are able to inject WLAN frames to corrupt a linked list and, in turn,
potentially execute code.

- CVE-2022-42722 (denial of service)

In the Linux kernel 5.8 through 5.19.14, remote attackers are able to
inject WLAN frames into the mac80211 stack could cause a NULL pointer
dereference denial-of-service attack against the beacon protection of
P2P devices.

Impact
======

A remote attacker is able to inject WLAN frames to crash the system or
execute arbitrary code on the affected host.

References
==========

https://www.openwall.com/lists/oss-security/2022/10/13/2
https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
https://www.openwall.com/lists/oss-security/2022/10/13/5
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aebe9f4639b13a1f4e9a6b42cdd2e38c617b442d
https://bugzilla.suse.com/show_bug.cgi?id=1203770
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff05d4b45dd89b922578dac497dcabf57cf771c6
https://bugzilla.suse.com/show_bug.cgi?id=1204051
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b7808818cb9df6680f98996b8e9a439fa7bcc2f
https://bugzilla.suse.com/show_bug.cgi?id=1204059
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f
https://bugzilla.suse.com/show_bug.cgi?id=1204060
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b2d03cabe2b2e150ff5a381731ea0355459be09f
https://bugzilla.suse.com/show_bug.cgi?id=1204125
https://security.archlinux.org/CVE-2022-41674
https://security.archlinux.org/CVE-2022-42719
https://security.archlinux.org/CVE-2022-42720
https://security.archlinux.org/CVE-2022-42721
https://security.archlinux.org/CVE-2022-42722
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.manjaro.org/pipermail/manjaro-security/attachments/20221015/5f9b220a/attachment.sig>