CVE-2022-41674 is a high-severity vulnerability affecting the Linux kernel versions prior to 5.19.16. The flaw exists in the ieee80211_bss_info_update function within the net/mac80211/scan.c source file. Specifically, this vulnerability is a buffer overflow (CWE-787) triggered by processing maliciously crafted WLAN frames. An attacker capable of injecting WLAN frames into the network vicinity can exploit this vulnerability without requiring any privileges or user interaction. The buffer overflow can lead to a denial of service (crash of the kernel) or potentially allow an attacker to execute arbitrary code in kernel context, compromising system confidentiality and availability. The CVSS 3.1 base score is 8.1, reflecting the high impact on confidentiality and availability, ease of exploitation (network attack vector, no privileges required, no user interaction), and the fact that the scope remains unchanged (the vulnerability affects the same security scope). No known exploits have been reported in the wild as of the published date, but the potential for exploitation exists given the nature of the vulnerability. The vulnerability is rooted in the handling of wireless LAN management frames, which are commonly processed by devices using Linux-based operating systems with wireless capabilities. This includes a wide range of devices from servers and desktops to embedded systems and IoT devices running vulnerable Linux kernels. The absence of vendor or product-specific information suggests that this is a generic Linux kernel issue affecting all distributions using kernel versions before 5.19.16 that have the mac80211 wireless stack enabled.

For European organizations, this vulnerability poses a significant risk, especially for those relying on Linux-based infrastructure with wireless networking capabilities. The ability for an unauthenticated attacker to cause a kernel-level buffer overflow remotely via WLAN frames means that attackers within wireless range can disrupt critical systems or potentially gain kernel-level control. This can lead to service outages, data breaches, or lateral movement within networks. Industries with high reliance on wireless connectivity, such as telecommunications, manufacturing (Industry 4.0), healthcare, and public sector entities, are particularly at risk. Additionally, organizations using Linux-based IoT devices or embedded systems in operational technology environments may face increased exposure. The impact is heightened in dense urban areas or corporate campuses where attackers can physically approach wireless networks. Given the high confidentiality impact, sensitive data processed on affected systems could be exposed if exploitation leads to code execution. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, as proof-of-concept exploits could emerge. The vulnerability also challenges organizations' ability to maintain availability of critical services, as kernel crashes can cause system downtime.

To mitigate CVE-2022-41674, European organizations should prioritize updating Linux kernels to version 5.19.16 or later, where the vulnerability is patched. For environments where immediate kernel upgrades are not feasible, organizations should consider disabling or restricting wireless interfaces on critical systems to limit exposure to WLAN frame injection attacks. Network segmentation can help isolate vulnerable devices from untrusted wireless networks. Employing wireless intrusion detection/prevention systems (WIDS/WIPS) to monitor and block suspicious WLAN frames can reduce the attack surface. Organizations should also audit their Linux-based devices to identify those running vulnerable kernel versions with mac80211 enabled. For embedded and IoT devices, coordinate with vendors to obtain firmware updates or apply mitigations such as disabling wireless features if not required. Additionally, implementing strict physical security controls to limit attacker proximity to wireless networks can reduce risk. Monitoring system logs for kernel crashes or unusual wireless activity can aid in early detection of exploitation attempts. Finally, organizations should integrate this vulnerability into their patch management and vulnerability scanning processes to ensure timely remediation.