USN-5708-1

Source
https://ubuntu.com/security/notices/USN-5708-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5708-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-5708-1
Related
Published
2022-11-01T13:15:44.154611Z
Modified
2022-11-01T13:15:44.154611Z
Summary
backport-iwlwifi-dkms vulnerabilities
Details

Sönke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41674)

Sönke Huster discovered that a use-after-free vulnerability existed in the WiFi driver stack in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42719)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42720)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel did not properly handle BSSID/SSID lists in some situations. A physically proximate attacker could use this to cause a denial of service (infinite loop). (CVE-2022-42721)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A physically proximate attacker could use this to cause a denial of service (system crash). This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.10. (CVE-2022-42722)

References

Affected packages

Ubuntu:20.04:LTS / backport-iwlwifi-dkms

Package

Name
backport-iwlwifi-dkms
Purl
pkg:deb/ubuntu/backport-iwlwifi-dkms?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8324-0ubuntu3~20.04.5

Affected versions

Other

7906-0ubuntu1
7906-0ubuntu2
8042-0ubuntu1
8042-0ubuntu2
8042-0ubuntu3
8286-0ubuntu1
8324-0ubuntu1

8324-0ubuntu3~20.*

8324-0ubuntu3~20.04.1
8324-0ubuntu3~20.04.2
8324-0ubuntu3~20.04.3
8324-0ubuntu3~20.04.4

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "8324-0ubuntu3~20.04.5",
            "binary_name": "backport-iwlwifi-dkms"
        }
    ]
}

Ubuntu:22.04:LTS / backport-iwlwifi-dkms

Package

Name
backport-iwlwifi-dkms
Purl
pkg:deb/ubuntu/backport-iwlwifi-dkms?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9858-0ubuntu3.1

Affected versions

Other

9340-0ubuntu4
9340-0ubuntu5
9858-0ubuntu1
9858-0ubuntu2
9858-0ubuntu3

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "9858-0ubuntu3.1",
            "binary_name": "backport-iwlwifi-dkms"
        }
    ]
}