CVE-2022-42721: Input Validation
First published: Thu Oct 13 2022(Updated: )
A list corruption flaw was found in cfg80211_add_nontrans_list in the net/wireless/scan.c function in the Linux kernel. This flaw could lead to a denial of service.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-477.10.1.rt7.274.el8_8 | 0:4.18.0-477.10.1.rt7.274.el8_8 |
| redhat/kernel | <0:4.18.0-477.10.1.el8_8 | 0:4.18.0-477.10.1.el8_8 |
| redhat/kernel | <0:5.14.0-284.11.1.el9_2 | 0:5.14.0-284.11.1.el9_2 |
| redhat/kernel-rt | <0:5.14.0-284.11.1.rt14.296.el9_2 | 0:5.14.0-284.11.1.rt14.296.el9_2 |
| Google Android | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.119-1 6.12.11-1 6.12.12-1 | |
| Linux Kernel | >=5.1<5.19.16 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Fedoraproject Fedora | =37 | |
| Debian GNU/Linux | =10.0 | |
| Debian GNU/Linux | =11.0 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-42721 https://nvd.nist.gov/vuln/detail/CVE-2022-42721 https://www.openwall.com/lists/oss-security/2022/10/13/2
- https://bugzilla.redhat.com/show_bug.cgi?id=2134506
- https://access.redhat.com/errata/RHSA-2023:2736
- https://access.redhat.com/errata/RHSA-2023:2951
- https://access.redhat.com/errata/RHSA-2023:2458
- https://access.redhat.com/errata/RHSA-2023:2148
- https://access.redhat.com/security/cve/cve-2022-42721
- http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html
- http://www.openwall.com/lists/oss-security/2022/10/13/5
- https://bugzilla.suse.com/show_bug.cgi?id=1204060
- https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f
- https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/
- https://security.netapp.com/advisory/ntap-20230203-0008/
- https://www.debian.org/security/2022/dsa-5257
- https://launchpad.net/bugs/cve/CVE-2022-42721
- https://www.openwall.com/lists/oss-security/2022/10/13/2
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2134507
- https://access.redhat.com/errata/RHSA-2024:1188
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/
- https://android.googlesource.com/kernel/common/+/9a8ef2030510a
- https://android.googlesource.com/kernel/common/+/0a861bd25dad5
- https://android.googlesource.com/kernel/common/+/9e99ca59ed397
- https://android.googlesource.com/kernel/common/+/bfe29873454f3
- https://android.googlesource.com/kernel/common/+/0a8ee682e4f99
- https://android.googlesource.com/kernel/common/+/fff244e9171b2
- https://android.googlesource.com/kernel/common/+/93a3a32554079
- https://android.googlesource.com/kernel/common/+/d15bb1f6dabe1
- https://android.googlesource.com/kernel/common/+/864f2d3482f4b
- https://android.googlesource.com/kernel/common/+/21df3a583e8e0
- https://android.googlesource.com/kernel/common/+/630060f117567
- https://android.googlesource.com/kernel/common/+/fee48f3bdd751
- https://android.googlesource.com/kernel/common/+/7d998f6b7365d
- https://android.googlesource.com/kernel/common/+/de124365a7d2d
- https://source.android.com/docs/security/bulletin/2023-01-01 (Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42721
- https://nvd.nist.gov/vuln/detail/CVE-2022-42721
- https://security-tracker.debian.org/tracker/CVE-2022-42721
- https://ubuntu.com/security/CVE-2022-42721
- https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u
- https://github.com/PurpleVsGreen/beacown
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2022-42721?
CVE-2022-42721 is classified as a denial of service vulnerability in the Linux kernel.
How do I fix CVE-2022-42721?
To mitigate CVE-2022-42721, update to kernel version 5.19.16 or later, or apply the relevant patches provided by your distribution.
Which systems are affected by CVE-2022-42721?
CVE-2022-42721 affects Linux kernel versions from 5.1 to 5.19.x prior to 5.19.16, as well as specific versions of Red Hat, Fedora, and Debian distributions.
What is the impact of CVE-2022-42721?
The impact of CVE-2022-42721 includes potential denial of service due to a list corruption flaw in the kernel.
Is CVE-2022-42721 exploitable remotely?
CVE-2022-42721 can potentially be exploited by local users to cause a denial of service.
- collector/redhat-cve
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-42721
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/description
- agent/trending
- agent/source
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/redhat
- vendor/google
- canonical/google android
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- version/fedoraproject fedora/37
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/10.0
- version/debian gnu/linux/11.0