MNBSD-2022-8: Heap overflow in 802.11s Mesh ID beacon handling

Severity: Unknown

Affected Package: kernel

Summary: Heap overflow in 802.11s Mesh ID beacon handling

Description

The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it into a heap-allocated buffer. A malicious beacon frame could overwrite kernel memory, potentially achieving remote code execution when a MidnightBSD Wi-Fi client is in scanning mode.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2022-23088

Published: April 06, 2022
Last Modified: April 06, 2022