CVE-2022-42721
5.5
MEDIUM
CVSS 3.1
EPSS 0.03%
Description
A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.
How to fix CVE-2022-42721
To remediate CVE-2022-42721, upgrade the affected package to one of the fixed versions listed below.
- Alpine/linux-lts—upgrade to 5.15.74-r0 or later
- —upgrade to 5.10.149-1 or later
Is CVE-2022-42721 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 5.15.74-r0
- from 0, < 5.10.149-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |