{"api_version":"1","generated_at":"2026-04-22T23:53:12+00:00","cve":"CVE-2022-42721","urls":{"html":"https://cve.report/CVE-2022-42721","api":"https://cve.report/api/cve/CVE-2022-42721.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-42721","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-42721"},"summary":{"title":"CVE-2022-42721","description":"A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-10-14 00:15:00","updated_at":"2023-11-07 03:53:00"},"problem_types":["CWE-835"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/","name":"FEDORA-2022-2cfbe17910","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 36 Update: kernel-5.19.15-201.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20230203-0008/","name":"https://security.netapp.com/advisory/ntap-20230203-0008/","refsource":"CONFIRM","tags":[],"title":"October 2022 Linux Kernel 5.19.15 Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2022/10/13/5","name":"http://www.openwall.com/lists/oss-security/2022/10/13/5","refsource":"MISC","tags":[],"title":"oss-security - Re: Various Linux Kernel WLAN security issues (RCE/DOS) found","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/","name":"FEDORA-2022-b948fc3cfb","refsource":"","tags":[],"title":"[SECURITY] Fedora 35 Update: kernel-5.19.15-101.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1204060","name":"https://bugzilla.suse.com/show_bug.cgi?id=1204060","refsource":"MISC","tags":[],"title":"Bug 1204060 – VUL-0: CVE-2022-42721: kernel: remote crash/code execution due list corruption in the wlan stack","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/","name":"FEDORA-2022-1a5b125ac6","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: kernel-5.19.15-301.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f","name":"https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f","refsource":"MISC","tags":[],"title":"kernel/git/wireless/wireless.git - kvalo's fork of linux.git","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/","name":"FEDORA-2022-1a5b125ac6","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: kernel-5.19.15-301.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2022/dsa-5257","name":"DSA-5257","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5257-1 linux","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html","name":"[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3173-1] linux-5.10 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/","name":"FEDORA-2022-2cfbe17910","refsource":"","tags":[],"title":"[SECURITY] Fedora 36 Update: kernel-5.19.15-201.fc36 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html","name":"http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html","refsource":"MISC","tags":[],"title":"Kernel Live Patch Security Notice LSN-0090-1 ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/","name":"FEDORA-2022-b948fc3cfb","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 35 Update: kernel-5.19.15-101.fc35 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-42721","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-42721","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"42721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"35","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"36","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42721","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"42721","vulnerable":"1","versionEndIncluding":"5.19.14","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-42721","qid":"160583","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2023-2458)"},{"cve":"CVE-2022-42721","qid":"160692","title":"Oracle Enterprise Linux Security Update for kernel (ELSA-2023-2951)"},{"cve":"CVE-2022-42721","qid":"181145","title":"Debian Security Update for linux (DSA 5257-1)"},{"cve":"CVE-2022-42721","qid":"181190","title":"Debian Security Update for linux-5.10 (DLA 3173-1)"},{"cve":"CVE-2022-42721","qid":"183646","title":"Debian Security Update for linux (CVE-2022-42721)"},{"cve":"CVE-2022-42721","qid":"198996","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5691-1)"},{"cve":"CVE-2022-42721","qid":"198997","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5692-1)"},{"cve":"CVE-2022-42721","qid":"198999","title":"Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5693-1)"},{"cve":"CVE-2022-42721","qid":"199006","title":"Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5700-1)"},{"cve":"CVE-2022-42721","qid":"199014","title":"Ubuntu Security Notification for backport-iwlwifi-dkms Vulnerabilities (USN-5708-1)"},{"cve":"CVE-2022-42721","qid":"199053","title":"Ubuntu Security Notification for Linux kernel (Azure CVM) Vulnerabilities (USN-5752-1)"},{"cve":"CVE-2022-42721","qid":"241417","title":"Red Hat Update for kernel security (RHSA-2023:2458)"},{"cve":"CVE-2022-42721","qid":"241468","title":"Red Hat Update for kernel-rt (RHSA-2023:2148)"},{"cve":"CVE-2022-42721","qid":"241504","title":"Red Hat Update for kernel security (RHSA-2023:2951)"},{"cve":"CVE-2022-42721","qid":"241527","title":"Red Hat Update for kernel-rt (RHSA-2023:2736)"},{"cve":"CVE-2022-42721","qid":"243041","title":"Red Hat Update for kernel security (RHSA-2024:1188)"},{"cve":"CVE-2022-42721","qid":"283201","title":"Fedora Security Update for kernel (FEDORA-2022-2cfbe17910)"},{"cve":"CVE-2022-42721","qid":"283209","title":"Fedora Security Update for kernel (FEDORA-2022-b948fc3cfb)"},{"cve":"CVE-2022-42721","qid":"283477","title":"Fedora Security Update for kernel (FEDORA-2022-1a5b125ac6)"},{"cve":"CVE-2022-42721","qid":"377891","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0002)"},{"cve":"CVE-2022-42721","qid":"378468","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-20230042)"},{"cve":"CVE-2022-42721","qid":"378512","title":"Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0042)"},{"cve":"CVE-2022-42721","qid":"502548","title":"Alpine Linux Security Update for linux-lts"},{"cve":"CVE-2022-42721","qid":"504122","title":"Alpine Linux Security Update for linux-lts"},{"cve":"CVE-2022-42721","qid":"610462","title":"Google Android Devices January 2023 Security Patch Missing"},{"cve":"CVE-2022-42721","qid":"610467","title":"Google Android February 2023 Security Patch Missing for Samsung"},{"cve":"CVE-2022-42721","qid":"752708","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3704-1)"},{"cve":"CVE-2022-42721","qid":"752724","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3775-1)"},{"cve":"CVE-2022-42721","qid":"752750","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3844-1)"},{"cve":"CVE-2022-42721","qid":"752889","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3897-1)"},{"cve":"CVE-2022-42721","qid":"752911","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3998-1)"},{"cve":"CVE-2022-42721","qid":"753063","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4617-1)"},{"cve":"CVE-2022-42721","qid":"753119","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 15 for SLE 15 SP3) (SUSE-SU-2022:3657-1)"},{"cve":"CVE-2022-42721","qid":"753143","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 24 for SLE 15 SP3) (SUSE-SU-2022:3606-1)"},{"cve":"CVE-2022-42721","qid":"753150","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 2 for SLE 15 SP4) (SUSE-SU-2022:3605-1)"},{"cve":"CVE-2022-42721","qid":"753339","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 3 for SLE 15 SP4) (SUSE-SU-2022:3601-1)"},{"cve":"CVE-2022-42721","qid":"753352","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 29 for SLE 15 SP2) (SUSE-SU-2022:3648-1)"},{"cve":"CVE-2022-42721","qid":"753374","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3809-1)"},{"cve":"CVE-2022-42721","qid":"753375","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 1 for SLE 15 SP4) (SUSE-SU-2022:3628-1)"},{"cve":"CVE-2022-42721","qid":"753394","title":"SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 30 for SLE 15 SP2) (SUSE-SU-2022:3607-1)"},{"cve":"CVE-2022-42721","qid":"904220","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (11123)"},{"cve":"CVE-2022-42721","qid":"904224","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (11117)"},{"cve":"CVE-2022-42721","qid":"904386","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (11123-1)"},{"cve":"CVE-2022-42721","qid":"904415","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (11117-1)"},{"cve":"CVE-2022-42721","qid":"905880","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (11123-2)"},{"cve":"CVE-2022-42721","qid":"906437","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (11117-2)"},{"cve":"CVE-2022-42721","qid":"941023","title":"AlmaLinux Security Update for kernel (ALSA-2023:2458)"},{"cve":"CVE-2022-42721","qid":"941061","title":"AlmaLinux Security Update for kernel-rt (ALSA-2023:2148)"},{"cve":"CVE-2022-42721","qid":"941096","title":"AlmaLinux Security Update for kernel (ALSA-2023:2951)"},{"cve":"CVE-2022-42721","qid":"941114","title":"AlmaLinux Security Update for kernel-rt (ALSA-2023:2736)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2022-42721","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1204060","refsource":"MISC","name":"https://bugzilla.suse.com/show_bug.cgi?id=1204060"},{"refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2022/10/13/5","url":"http://www.openwall.com/lists/oss-security/2022/10/13/5"},{"refsource":"MISC","name":"https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f","url":"https://git.kernel.org/pub/scm/linux/kernel/git/wireless/wireless.git/commit/?id=bcca852027e5878aec911a347407ecc88d6fff7f"},{"refsource":"FEDORA","name":"FEDORA-2022-2cfbe17910","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGHENNMLCWIQV2LLA56BJNFIUZ7WB4IY/"},{"refsource":"FEDORA","name":"FEDORA-2022-b948fc3cfb","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNN3VFQPECS6D4PS6ZWD7AFXTOSJDSSR/"},{"refsource":"FEDORA","name":"FEDORA-2022-1a5b125ac6","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S2KTU5LFZNQS7YNGE56MT46VHMXL3DD2/"},{"refsource":"DEBIAN","name":"DSA-5257","url":"https://www.debian.org/security/2022/dsa-5257"},{"refsource":"MLIST","name":"[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update","url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html","url":"http://packetstormsecurity.com/files/169951/Kernel-Live-Patch-Security-Notice-LSN-0090-1.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20230203-0008/","url":"https://security.netapp.com/advisory/ntap-20230203-0008/"}]}},"nvd":{"publishedDate":"2022-10-14 00:15:00","lastModifiedDate":"2023-11-07 03:53:00","problem_types":["CWE-835"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1","versionEndExcluding":"5.19.16","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}