CVE-2022-42719: n/a in n/a
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.
AI Analysis
Technical Summary
CVE-2022-42719 is a high-severity use-after-free vulnerability found in the mac80211 wireless stack of the Linux kernel versions 5.2 through 5.19.x prior to 5.19.16. The vulnerability arises during the parsing of multi-BSSID elements in WLAN frames. Specifically, when the kernel processes these frames, improper memory management leads to a use-after-free condition, where the kernel attempts to access memory that has already been freed. This flaw can be exploited by an attacker capable of injecting specially crafted WLAN frames into the network environment. Exploitation can cause the kernel to crash (denial of service) and potentially allow arbitrary code execution with kernel privileges. The vulnerability does not require any user privileges or user interaction, and the attacker only needs network access to the wireless medium to send malicious frames. The CVSS 3.1 base score is 8.8, reflecting the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no required privileges or user interaction. This vulnerability is classified under CWE-416 (Use After Free), a common and dangerous memory corruption issue. Although no known exploits are reported in the wild as of the publication date, the potential for remote kernel code execution makes this a critical risk for affected systems. The vulnerability affects Linux kernel versions widely used in many distributions, especially those running on wireless-enabled devices such as laptops, servers with Wi-Fi interfaces, and embedded systems. The lack of vendor or product specificity indicates the issue is intrinsic to the Linux kernel's mac80211 subsystem rather than a third-party component.
Potential Impact
For European organizations, this vulnerability poses a significant risk, particularly for those relying on Linux-based systems with wireless capabilities. The ability for an attacker to remotely crash the kernel or execute arbitrary code could lead to widespread denial of service, data breaches, or full system compromise. Critical infrastructure, government agencies, and enterprises with wireless network access are at heightened risk. The vulnerability could be exploited in environments where attackers have proximity to the wireless network or can inject frames via compromised access points or rogue devices. This threat could disrupt business operations, compromise sensitive data, and undermine trust in IT systems. Additionally, organizations in sectors such as finance, healthcare, and telecommunications, which often use Linux servers and wireless devices, may face regulatory and compliance repercussions if exploited. The potential for kernel-level code execution elevates the severity, as attackers could gain persistent, undetectable control over affected systems.
Mitigation Recommendations
Organizations should prioritize updating Linux kernels to version 5.19.16 or later, where this vulnerability is patched. For systems where immediate kernel upgrades are not feasible, network-level mitigations include restricting wireless frame injection by enforcing strong wireless security protocols (e.g., WPA3), disabling unused wireless interfaces, and implementing wireless intrusion detection/prevention systems to detect anomalous frame injection. Network segmentation can limit exposure of critical systems to wireless networks. Additionally, monitoring kernel logs and system behavior for crashes or anomalies related to wireless activity can provide early detection. Organizations should also ensure that all Linux distributions in use have applied vendor-specific patches addressing this CVE. For embedded or specialized devices, coordination with vendors to obtain firmware updates is essential. Finally, educating IT staff about the risks of wireless frame injection attacks and maintaining up-to-date asset inventories of wireless-enabled devices will support effective risk management.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
CVE-2022-42719: n/a in n/a
Description
A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.
AI-Powered Analysis
Technical Analysis
CVE-2022-42719 is a high-severity use-after-free vulnerability found in the mac80211 wireless stack of the Linux kernel versions 5.2 through 5.19.x prior to 5.19.16. The vulnerability arises during the parsing of multi-BSSID elements in WLAN frames. Specifically, when the kernel processes these frames, improper memory management leads to a use-after-free condition, where the kernel attempts to access memory that has already been freed. This flaw can be exploited by an attacker capable of injecting specially crafted WLAN frames into the network environment. Exploitation can cause the kernel to crash (denial of service) and potentially allow arbitrary code execution with kernel privileges. The vulnerability does not require any user privileges or user interaction, and the attacker only needs network access to the wireless medium to send malicious frames. The CVSS 3.1 base score is 8.8, reflecting the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no required privileges or user interaction. This vulnerability is classified under CWE-416 (Use After Free), a common and dangerous memory corruption issue. Although no known exploits are reported in the wild as of the publication date, the potential for remote kernel code execution makes this a critical risk for affected systems. The vulnerability affects Linux kernel versions widely used in many distributions, especially those running on wireless-enabled devices such as laptops, servers with Wi-Fi interfaces, and embedded systems. The lack of vendor or product specificity indicates the issue is intrinsic to the Linux kernel's mac80211 subsystem rather than a third-party component.
Potential Impact
For European organizations, this vulnerability poses a significant risk, particularly for those relying on Linux-based systems with wireless capabilities. The ability for an attacker to remotely crash the kernel or execute arbitrary code could lead to widespread denial of service, data breaches, or full system compromise. Critical infrastructure, government agencies, and enterprises with wireless network access are at heightened risk. The vulnerability could be exploited in environments where attackers have proximity to the wireless network or can inject frames via compromised access points or rogue devices. This threat could disrupt business operations, compromise sensitive data, and undermine trust in IT systems. Additionally, organizations in sectors such as finance, healthcare, and telecommunications, which often use Linux servers and wireless devices, may face regulatory and compliance repercussions if exploited. The potential for kernel-level code execution elevates the severity, as attackers could gain persistent, undetectable control over affected systems.
Mitigation Recommendations
Organizations should prioritize updating Linux kernels to version 5.19.16 or later, where this vulnerability is patched. For systems where immediate kernel upgrades are not feasible, network-level mitigations include restricting wireless frame injection by enforcing strong wireless security protocols (e.g., WPA3), disabling unused wireless interfaces, and implementing wireless intrusion detection/prevention systems to detect anomalous frame injection. Network segmentation can limit exposure of critical systems to wireless networks. Additionally, monitoring kernel logs and system behavior for crashes or anomalies related to wireless activity can provide early detection. Organizations should also ensure that all Linux distributions in use have applied vendor-specific patches addressing this CVE. For embedded or specialized devices, coordination with vendors to obtain firmware updates is essential. Finally, educating IT staff about the risks of wireless frame injection attacks and maintaining up-to-date asset inventories of wireless-enabled devices will support effective risk management.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mitre
- Date Reserved
- 2022-10-10T00:00:00.000Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682cd0fa1484d88663aec16b
Added to database: 5/20/2025, 6:59:06 PM
Last enriched: 7/6/2025, 7:58:31 AM
Last updated: 8/17/2025, 12:30:01 AM
Views: 11
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.