Skip to main content

CVE-2022-42719: n/a in n/a

High
VulnerabilityCVE-2022-42719cvecve-2022-42719
Published: Thu Oct 13 2022 (10/13/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

AI-Powered Analysis

AILast updated: 07/06/2025, 07:58:31 UTC

Technical Analysis

CVE-2022-42719 is a high-severity use-after-free vulnerability found in the mac80211 wireless stack of the Linux kernel versions 5.2 through 5.19.x prior to 5.19.16. The vulnerability arises during the parsing of multi-BSSID elements in WLAN frames. Specifically, when the kernel processes these frames, improper memory management leads to a use-after-free condition, where the kernel attempts to access memory that has already been freed. This flaw can be exploited by an attacker capable of injecting specially crafted WLAN frames into the network environment. Exploitation can cause the kernel to crash (denial of service) and potentially allow arbitrary code execution with kernel privileges. The vulnerability does not require any user privileges or user interaction, and the attacker only needs network access to the wireless medium to send malicious frames. The CVSS 3.1 base score is 8.8, reflecting the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no required privileges or user interaction. This vulnerability is classified under CWE-416 (Use After Free), a common and dangerous memory corruption issue. Although no known exploits are reported in the wild as of the publication date, the potential for remote kernel code execution makes this a critical risk for affected systems. The vulnerability affects Linux kernel versions widely used in many distributions, especially those running on wireless-enabled devices such as laptops, servers with Wi-Fi interfaces, and embedded systems. The lack of vendor or product specificity indicates the issue is intrinsic to the Linux kernel's mac80211 subsystem rather than a third-party component.

Potential Impact

For European organizations, this vulnerability poses a significant risk, particularly for those relying on Linux-based systems with wireless capabilities. The ability for an attacker to remotely crash the kernel or execute arbitrary code could lead to widespread denial of service, data breaches, or full system compromise. Critical infrastructure, government agencies, and enterprises with wireless network access are at heightened risk. The vulnerability could be exploited in environments where attackers have proximity to the wireless network or can inject frames via compromised access points or rogue devices. This threat could disrupt business operations, compromise sensitive data, and undermine trust in IT systems. Additionally, organizations in sectors such as finance, healthcare, and telecommunications, which often use Linux servers and wireless devices, may face regulatory and compliance repercussions if exploited. The potential for kernel-level code execution elevates the severity, as attackers could gain persistent, undetectable control over affected systems.

Mitigation Recommendations

Organizations should prioritize updating Linux kernels to version 5.19.16 or later, where this vulnerability is patched. For systems where immediate kernel upgrades are not feasible, network-level mitigations include restricting wireless frame injection by enforcing strong wireless security protocols (e.g., WPA3), disabling unused wireless interfaces, and implementing wireless intrusion detection/prevention systems to detect anomalous frame injection. Network segmentation can limit exposure of critical systems to wireless networks. Additionally, monitoring kernel logs and system behavior for crashes or anomalies related to wireless activity can provide early detection. Organizations should also ensure that all Linux distributions in use have applied vendor-specific patches addressing this CVE. For embedded or specialized devices, coordination with vendors to obtain firmware updates is essential. Finally, educating IT staff about the risks of wireless frame injection attacks and maintaining up-to-date asset inventories of wireless-enabled devices will support effective risk management.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2022-10-10T00:00:00.000Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682cd0fa1484d88663aec16b

Added to database: 5/20/2025, 6:59:06 PM

Last enriched: 7/6/2025, 7:58:31 AM

Last updated: 8/17/2025, 12:30:01 AM

Views: 11

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats