CVE-2022-42721: 
Linux Kernel vulnerability analysis and mitigation

A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 was discovered. The vulnerability affects the handling of non-transmitted BSS lists in wireless networks, where a local attacker with the ability to inject WLAN frames could corrupt a linked list and potentially execute code (CVE Mitre, NVD).

The vulnerability occurs when a non-transmitted BSS shares both SSID and BSSID information with another non-transmitted BSS of a different AP. In this scenario, the system can find and update it, then attempt to add it to the non-transmitted BSS list. However, if the BSS is not found on the transmitted BSS (but belongs to another transmitted BSS), the list becomes corrupted. The issue was introduced in Linux kernel version 5.1-rc1 and was fixed with a patch that fails the list insertion in this erroneous situation and frees the non-transmitted BSS (Kernel Commit).

When successfully exploited, this vulnerability can lead to a denial of service condition through an endless loop. In more severe cases, it could potentially allow for code execution. The vulnerability affects systems running the vulnerable Linux kernel versions with wireless networking capabilities (Ubuntu Security).

The vulnerability has been fixed in Linux kernel version 5.19.16 and later. The fix involves modifying the cfg80211addnontrans_list function to properly handle cases where a non-transmitted BSS is already on another list. Various Linux distributions have released patches for their respective kernel versions, including Ubuntu, Debian, and Fedora (Debian Security, Fedora Update).