FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- 802.11 heap buffer overflow

Affected packages
13.0 <= FreeBSD-kernel < 13.0_11
12.3 <= FreeBSD-kernel < 12.3_5

Details

VuXML ID d4cc994f-b61d-11ec-9ebc-1c697aa5a594
Discovery 2022-04-06
Entry 2022-04-07

Problem Description:

The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer.

Impact:

While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code execution.

References

CVE Name CVE-2022-23088
FreeBSD Advisory SA-22:07.wifi_meshid