{ "threat_severity" : "Moderate", "public_date" : "2024-10-21T00:00:00Z", "bugzilla" : { "description" : "kernel: wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration", "id" : "2320721", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2320721" }, "cvss3" : { "cvss3_base_score" : "7.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-129", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nwifi: mac8021: fix possible oob access in ieee80211_get_rate_duration\nFix possible out-of-bound access in ieee80211_get_rate_duration routine\nas reported by the following UBSAN report:\nUBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47\nindex 15 is out of range for type 'u16 [12]'\nCPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic\nHardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017\nWorkqueue: mt76 mt76u_tx_status_data [mt76_usb]\nCall Trace:\n\nshow_stack+0x4e/0x61\ndump_stack_lvl+0x4a/0x6f\ndump_stack+0x10/0x18\nubsan_epilogue+0x9/0x43\n__ubsan_handle_out_of_bounds.cold+0x42/0x47\nieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211]\n? ieee80211_tx_status_ext+0x32e/0x640 [mac80211]\nieee80211_calc_rx_airtime+0xda/0x120 [mac80211]\nieee80211_calc_tx_airtime+0xb4/0x100 [mac80211]\nmt76x02_send_tx_status+0x266/0x480 [mt76x02_lib]\nmt76x02_tx_status_data+0x52/0x80 [mt76x02_lib]\nmt76u_tx_status_data+0x67/0xd0 [mt76_usb]\nprocess_one_work+0x225/0x400\nworker_thread+0x50/0x3e0\n? process_one_work+0x400/0x400\nkthread+0xe9/0x110\n? kthread_complete_and_exit+0x20/0x20\nret_from_fork+0x22/0x30" ], "statement" : "This issue is considered to be a moderate impact flaw, as the exploitation in this will not cause an Intigrity (I:L) threat with the available usecase.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-05-09T00:00:00Z", "advisory" : "RHSA-2023:2458", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-284.11.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-05-09T00:00:00Z", "advisory" : "RHSA-2023:2458", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-284.11.1.el9_2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49022\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49022\nhttps://lore.kernel.org/linux-cve-announce/2024102154-CVE-2022-49022-c605@gregkh/T" ], "name" : "CVE-2022-49022", "csaw" : false }