Vulnerabilities in the wireless stack of the Linux kernel allowing remote code execution

A series of vulnerabilities has been identified in the wireless stack (mac80211) of the Linux kernel, some of which potentially allow a buffer overflow and remote code execution when an access point sends specially crafted packets. A fix is currently available only in the form of patches.

….

To demonstrate that the attack is feasible, examples of frames that trigger the overflow have been published, along with a utility for injecting these frames into 802.11 wireless networks. The vulnerabilities do not depend on the wireless driver in use. It is assumed that the identified problems can be used to create working exploits for a remote attack on the system.

  • CVE-2022-41674: buffer overflow in the function cfg80211_update_notlisted_nontrans, which allows overwriting up to 256 bytes on the heap. The vulnerability is present starting from Linux kernel 5.1 and can be used for remote code execution.
  • CVE-2022-42719: use-after-free in the MBSSID parsing code. The vulnerability is present starting from Linux kernel 5.2 and can be used for remote code execution.
  • CVE-2022-42720: use-after-free in the reference counting code in BSS (Basic Service Set) mode. The vulnerability is present starting from Linux kernel 5.1 and can be used for remote code execution.
  • CVE-2022-42721: corruption of the BSS list, leading to an infinite loop. The vulnerability is present starting from Linux kernel 5.1 and can be used for denial of service.
  • CVE-2022-42722: NULL pointer dereference in the beacon frame protection code. The problem can be used for denial of service.