USN-5708-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-5708-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5708-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-5708-1

Related

CVE-2022-41674
CVE-2022-42719
CVE-2022-42720
CVE-2022-42721
CVE-2022-42722
UBUNTU-CVE-2022-41674
UBUNTU-CVE-2022-42719
UBUNTU-CVE-2022-42720
UBUNTU-CVE-2022-42721
UBUNTU-CVE-2022-42722

Published

2022-11-01T13:15:44.154611Z

Modified

2022-11-01T13:15:44.154611Z

Summary

backport-iwlwifi-dkms vulnerabilities

Details

Sönke Huster discovered that an integer overflow vulnerability existed in the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-41674)

Sönke Huster discovered that a use-after-free vulnerability existed in the WiFi driver stack in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42719)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-42720)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel did not properly handle BSSID/SSID lists in some situations. A physically proximate attacker could use this to cause a denial of service (infinite loop). (CVE-2022-42721)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel contained a NULL pointer dereference vulnerability in certain situations. A physically proximate attacker could use this to cause a denial of service (system crash). This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.10. (CVE-2022-42722)

References

Affected packages

Ubuntu:20.04:LTS / backport-iwlwifi-dkms

Package

Name: backport-iwlwifi-dkms
Purl: pkg:deb/ubuntu/backport-iwlwifi-dkms@8324-0ubuntu3~20.04.5?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8324-0ubuntu3~20.04.5

Affected versions

Other

7906-0ubuntu1

7906-0ubuntu2

8042-0ubuntu1

8042-0ubuntu2

8042-0ubuntu3

8286-0ubuntu1

8324-0ubuntu1

8324-0ubuntu3~20.*

8324-0ubuntu3~20.04.1

8324-0ubuntu3~20.04.2

8324-0ubuntu3~20.04.3

8324-0ubuntu3~20.04.4

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "backport-iwlwifi-dkms": "8324-0ubuntu3~20.04.5"
        }
    ]
}

Ubuntu:22.04:LTS / backport-iwlwifi-dkms

Package

Name: backport-iwlwifi-dkms
Purl: pkg:deb/ubuntu/backport-iwlwifi-dkms@9858-0ubuntu3.1?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9858-0ubuntu3.1

Affected versions

Other

9340-0ubuntu4

9340-0ubuntu5

9858-0ubuntu1

9858-0ubuntu2

9858-0ubuntu3

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "backport-iwlwifi-dkms": "9858-0ubuntu3.1"
        }
    ]
}