Menu

Blog

Oct 17, 2022

5 critical remote code execution vulnerabilities in Linux kernel.!Patch immediately!

Posted by in categories: computing, internet

The Linux kernel WiFi stack has five serious flaws, according to research, which a hacker might use to execute arbitrary code or inflict a denial of service.

The vulnerability, identified as CVE-2022–42719, was brought on by a use-after-free issue in the multi-BSSID element’s ieee802 11 parse elems full function of net/mac80211/util.c. A remote authenticated adversary might leverage this issue to execute arbitrary code or bring down the system by sending a carefully crafted request. In v5.2-rc1, the CVE-2022–42719 vulnerability was first made public.

The vulnerability, identified as CVE-2022–42720, was produced about by a use-after-free issue in the multi-BSSID part of the bss ref get function in net/wireless/scan.c. A remote authenticated adversary might leverage this issue to execute arbitrary code or bring down the system by sending a carefully crafted request.

Comments are closed.