CVE-2022-42719 in Linux

Summary

by MITRE • 10/14/2022

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.14 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.


Analysis

by VulDB Data Team • 04/25/2026

The vulnerability identified as CVE-2022-42719 represents a critical use-after-free condition within the mac80211 wireless networking subsystem of the Linux kernel. This flaw exists in kernel versions ranging from 5.2 through 5.19.14, making it a widespread issue affecting numerous Linux distributions that rely on these kernel versions for wireless network operations. The vulnerability specifically manifests when the mac80211 stack processes a multi-BSSID element within wireless management frames, creating a scenario where memory that has been freed is subsequently accessed, leading to unpredictable behavior and potential system compromise.

The vulnerability stems from improper handling of memory allocation and deallocation within the wireless driver's parsing logic. When a malicious actor injects specially crafted WLAN frames containing malformed multi-BSSID elements, the kernel's wireless subsystem processes these frames without adequate validation of memory boundaries. As a result, a memory buffer is freed from the heap while subsequent operations still attempt to reference that same memory location, producing a use-after-free condition. The vulnerability is particularly dangerous because it requires only the ability to inject wireless frames, which can be achieved through various means including rogue access points or compromised wireless clients within range.

The operational impact of this vulnerability extends beyond simple system crashes, as the use-after-free condition creates opportunities for privilege escalation and remote code execution. When the kernel attempts to access freed memory, it may trigger memory corruption that allows attackers to manipulate kernel memory structures, potentially leading to arbitrary code execution with kernel-level privileges. This represents a severe threat to system integrity, as successful exploitation could result in complete system compromise, data exfiltration, or persistent backdoor installation. The vulnerability affects wireless networking infrastructure including access points, wireless routers, and any device running affected kernel versions that process wireless management frames.

Mitigation strategies for CVE-2022-42719 primarily focus on kernel version updates and immediate patch application. System administrators should prioritize upgrading to kernel versions 5.19.15 or later, where the vulnerability has been addressed through proper memory management and validation of multi-BSSID element parsing. Additionally, network administrators can implement network segmentation and wireless frame filtering to reduce the attack surface, though these measures provide only partial protection. The vulnerability aligns with CWE-416, which describes the use of memory after it has been freed, and maps to ATT&CK technique T1059.007 for privilege escalation through kernel exploits. Organizations should also consider implementing wireless intrusion detection systems to monitor for suspicious frame injection patterns and maintain comprehensive backup and recovery procedures to address potential exploitation attempts.
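
A first-pass triage of kernel release strings against the range stated above (5.2 through 5.19.14), as an added example that is not part of the original entry. The function names and sample release strings are constructed for illustration; stable and distribution kernels can carry the fix as a backport under a version number inside this range, so an in-range result means "check the vendor advisory", not "confirmed vulnerable".

```sh
#!/bin/sh
# Added example: compare kernel release strings with the upstream range
# this entry gives for CVE-2022-42719 (5.2 through 5.19.14, inclusive).

# Print "major minor patch" for strings like "5.15.0-52-generic" or "5.19".
# Returns 1 when the string does not start with a numeric version.
parse_release() {
    ver=${1%%[!0-9.]*}            # keep only the leading digits-and-dots part
    oldifs=$IFS; IFS=.
    set -- $ver                   # split the version on dots
    IFS=$oldifs
    for part in "${1:-}" "${2:-0}" "${3:-0}"; do
        case $part in ''|*[!0-9]*) return 1 ;; esac
    done
    echo "$1 ${2:-0} ${3:-0}"
}

# Returns 0 if the upstream version is within 5.2 .. 5.19.14,
# 1 if it is outside that range, 2 if the string cannot be parsed.
in_affected_range() {
    parsed=$(parse_release "$1") || return 2
    set -- $parsed
    # Fold the three fields into one integer so the range test is two compares.
    n=$(( $1 * 100000000 + $2 * 10000 + $3 ))
    [ "$n" -ge 500020000 ] && [ "$n" -le 500190014 ]
}

# Human-readable verdict for one release string.
triage() {
    rc=0
    in_affected_range "$1" || rc=$?
    case $rc in
        0) echo "$1: in 5.2..5.19.14, confirm vendor backport status" ;;
        1) echo "$1: outside the range stated for CVE-2022-42719" ;;
        *) echo "$1: unparseable release string" ;;
    esac
}

# Constructed sample release strings, followed by the running kernel.
for rel in 5.15.0-52-generic 5.19.14-200.fc36.x86_64 5.19.15 4.19.260 "$(uname -r)"; do
    triage "$rel"
done
```
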

Reservation

10/10/2022

Disclosure

10/14/2022

Moderation

accepted

CPE

ready

EPSS

0.01230

KEV

no

Activities

very low
