Chiencc / asuswrt-gt-ac5300

asuswrt-gt-ac5300
Other
0 stars 0 forks source link

miwific77e267e86535747b99ffe2488e76c7d6168f4f5: 8 vulnerabilities (highest severity is: 8.8) #20

Open mend-for-github-com[bot] opened 1 year ago

mend-for-github-com[bot] commented 1 year ago
Vulnerable Library - miwific77e267e86535747b99ffe2488e76c7d6168f4f5

Kernel, Toolchain ... of Xiaomi Router R1D

Library home page: https://github.com/comcat/miwifi.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Vulnerable Source Files (1)

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (miwific77e267e86535747b99ffe2488e76c7d6168f4f5 version) Remediation Possible**
CVE-2022-42719 High 8.8 miwific77e267e86535747b99ffe2488e76c7d6168f4f5 Direct v5.15.74,v5.19.16,v6.1-rc1
CVE-2018-25020 High 7.8 miwific77e267e86535747b99ffe2488e76c7d6168f4f5 Direct v4.17
CVE-2021-39685 High 7.8 miwific77e267e86535747b99ffe2488e76c7d6168f4f5 Direct v4.4.295,v4.9.293,v4.14.258,v4.19.221,v5.4.165,v5.10.85,v5.15.8,v5.16-rc5
CVE-2021-28712 Medium 6.5 miwific77e267e86535747b99ffe2488e76c7d6168f4f5 Direct v4.4.296,v4.9.294,v4.14.259,v4.19.222,v5.4.168,v5.10.88,v5.15.11,v5.16-rc7
CVE-2014-3145 Medium 6.2 miwific77e267e86535747b99ffe2488e76c7d6168f4f5 Direct v3.15-rc2,v3.12.21,v3.14.5,v3.2.60
CVE-2020-36322 Medium 5.5 miwific77e267e86535747b99ffe2488e76c7d6168f4f5 Direct v5.4.88,v5.10.6,v5.11-rc1
CVE-2022-42722 Medium 5.5 miwific77e267e86535747b99ffe2488e76c7d6168f4f5 Direct v5.10.148,v5.15.74,v5.19.16
CVE-2019-20934 Medium 5.3 miwific77e267e86535747b99ffe2488e76c7d6168f4f5 Direct v5.3-rc2

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2022-42719 ### Vulnerable Library - miwific77e267e86535747b99ffe2488e76c7d6168f4f5

Kernel, Toolchain ... of Xiaomi Router R1D

Library home page: https://github.com/comcat/miwifi.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (1)

/release/src-rt-7.14.114.x/src/linux/linux-2.6.36/net/mac80211/ieee80211_i.h

### Vulnerability Details

A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.

Publish Date: 2022-10-13

URL: CVE-2022-42719

### CVSS 3 Score Details (8.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Adjacent - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://www.linuxkernelcves.com/cves/CVE-2022-42719

Release Date: 2022-10-13

Fix Resolution: v5.15.74,v5.19.16,v6.1-rc1

CVE-2018-25020 ### Vulnerable Library - miwific77e267e86535747b99ffe2488e76c7d6168f4f5

Kernel, Toolchain ... of Xiaomi Router R1D

Library home page: https://github.com/comcat/miwifi.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.

Publish Date: 2021-12-08

URL: CVE-2018-25020

### CVSS 3 Score Details (7.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25020

Release Date: 2021-12-08

Fix Resolution: v4.17

CVE-2021-39685 ### Vulnerable Library - miwific77e267e86535747b99ffe2488e76c7d6168f4f5

Kernel, Toolchain ... of Xiaomi Router R1D

Library home page: https://github.com/comcat/miwifi.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel

Publish Date: 2022-03-16

URL: CVE-2021-39685

### CVSS 3 Score Details (7.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://www.linuxkernelcves.com/cves/CVE-2021-39685

Release Date: 2022-03-16

Fix Resolution: v4.4.295,v4.9.293,v4.14.258,v4.19.221,v5.4.165,v5.10.85,v5.15.8,v5.16-rc5

CVE-2021-28712 ### Vulnerable Library - miwific77e267e86535747b99ffe2488e76c7d6168f4f5

Kernel, Toolchain ... of Xiaomi Router R1D

Library home page: https://github.com/comcat/miwifi.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/net/xen-netfront.c /release/src-rt-7.14.114.x/src/linux/linux-2.6.36/drivers/net/xen-netfront.c

### Vulnerability Details

Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713

Publish Date: 2022-01-05

URL: CVE-2021-28712

### CVSS 3 Score Details (6.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Changed - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://www.linuxkernelcves.com/cves/CVE-2021-28712

Release Date: 2022-01-05

Fix Resolution: v4.4.296,v4.9.294,v4.14.259,v4.19.222,v5.4.168,v5.10.88,v5.15.11,v5.16-rc7

CVE-2014-3145 ### Vulnerable Library - miwific77e267e86535747b99ffe2488e76c7d6168f4f5

Kernel, Toolchain ... of Xiaomi Router R1D

Library home page: https://github.com/comcat/miwifi.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced.

Publish Date: 2014-05-11

URL: CVE-2014-3145

### CVSS 3 Score Details (6.2)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://www.linuxkernelcves.com/cves/CVE-2014-3145

Release Date: 2014-05-11

Fix Resolution: v3.15-rc2,v3.12.21,v3.14.5,v3.2.60

CVE-2020-36322 ### Vulnerable Library - miwific77e267e86535747b99ffe2488e76c7d6168f4f5

Kernel, Toolchain ... of Xiaomi Router R1D

Library home page: https://github.com/comcat/miwifi.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.

Publish Date: 2021-04-14

URL: CVE-2020-36322

### CVSS 3 Score Details (5.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://www.linuxkernelcves.com/cves/CVE-2020-36322

Release Date: 2021-04-14

Fix Resolution: v5.4.88,v5.10.6,v5.11-rc1

CVE-2022-42722 ### Vulnerable Library - miwific77e267e86535747b99ffe2488e76c7d6168f4f5

Kernel, Toolchain ... of Xiaomi Router R1D

Library home page: https://github.com/comcat/miwifi.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.

Publish Date: 2022-10-14

URL: CVE-2022-42722

### CVSS 3 Score Details (5.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://www.linuxkernelcves.com/cves/CVE-2022-42722

Release Date: 2022-10-14

Fix Resolution: v5.10.148,v5.15.74,v5.19.16

CVE-2019-20934 ### Vulnerable Library - miwific77e267e86535747b99ffe2488e76c7d6168f4f5

Kernel, Toolchain ... of Xiaomi Router R1D

Library home page: https://github.com/comcat/miwifi.git

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (1)

### Vulnerability Details

An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.

Publish Date: 2020-11-28

URL: CVE-2019-20934

### CVSS 3 Score Details (5.3)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20934

Release Date: 2020-11-28

Fix Resolution: v5.3-rc2

mend-for-github-com[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

mend-for-github-com[bot] commented 1 year ago

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.