CVE-2022-40279 - OpenCVE

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction).

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Samsung	Tizenrt

Configuration 1 [-]

OR	cpe:2.3:o:samsung:tizenrt:1.0:m1::::::
	cpe:2.3:o:samsung:tizenrt:1.1:::::::*
	cpe:2.3:o:samsung:tizenrt:2.0:gbm_m1::::::
	cpe:2.3:o:samsung:tizenrt:2.0:m2::::::
	cpe:2.3:o:samsung:tizenrt:3.0:gbm::::::
	cpe:2.3:o:samsung:tizenrt:3.1:pre::::::

References

Link	Resource
https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/wpa_supplicant/src/l2_packet/l2_packet_pcap.c#L181	Exploit Third Party Advisory
https://github.com/Samsung/TizenRT/issues/5629	Issue Tracking Third Party Advisory
https://linux.die.net/man/3/pcap_dispatch	Technical Description Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-08T21:05:52

Updated: 2022-09-29T16:39:39

Reserved: 2022-09-08T00:00:00

Link: CVE-2022-40279

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-29T03:15:15.483

Modified: 2022-09-30T23:00:19.073

Link: CVE-2022-40279

JSON object: View

Redhat Information

No data.

CWE

CWE-252

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-29T16:39:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://linux.die.net/man/3/pcap_dispatch"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Samsung/TizenRT/issues/5629"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/wpa_supplicant/src/l2_packet/l2_packet_pcap.c#L181"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-40279", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://linux.die.net/man/3/pcap_dispatch", "refsource": "MISC", "url": "https://linux.die.net/man/3/pcap_dispatch"}, {"name": "https://github.com/Samsung/TizenRT/issues/5629", "refsource": "MISC", "url": "https://github.com/Samsung/TizenRT/issues/5629"}, {"name": "https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/wpa_supplicant/src/l2_packet/l2_packet_pcap.c#L181", "refsource": "MISC", "url": "https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/wpa_supplicant/src/l2_packet/l2_packet_pcap.c#L181"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-40279", "datePublished": "2022-09-08T21:05:52", "dateReserved": "2022-09-08T00:00:00", "dateUpdated": "2022-09-29T16:39:39", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:tizenrt:1.0:m1:*:*:*:*:*:*", "matchCriteriaId": "6B59E31E-7082-4719-97B6-3ADA43058E65", "vulnerable": true}, {"criteria": "cpe:2.3:o:samsung:tizenrt:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE872D95-2039-406B-9D8A-39E44982B840", "vulnerable": true}, {"criteria": "cpe:2.3:o:samsung:tizenrt:2.0:gbm_m1:*:*:*:*:*:*", "matchCriteriaId": "696A5152-A4E2-4055-B5A8-A62AF68A88A4", "vulnerable": true}, {"criteria": "cpe:2.3:o:samsung:tizenrt:2.0:m2:*:*:*:*:*:*", "matchCriteriaId": "40E906C5-1461-4F30-8306-68BF8EE9A070", "vulnerable": true}, {"criteria": "cpe:2.3:o:samsung:tizenrt:3.0:gbm:*:*:*:*:*:*", "matchCriteriaId": "59AD1A65-ECC5-4DC0-A7BB-C616E24A42A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:samsung:tizenrt:3.1:pre:*:*:*:*:*:*", "matchCriteriaId": "A54CEC8E-52CF-4773-BCFB-A7F0B1FEC2BC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction)."}, {"lang": "es", "value": "Se ha detectado un problema en Samsung TizenRT versiones hasta 3.0_GBM (y 3.1_PRE). l2_packet_receive_timeout en el archivo wpa_supplicant/src/l2_packet/l2_packet_pcap.c presenta una comprobaci\u00f3n ausente en el valor de retorno de pcap_dispatch, conllevando a una denegaci\u00f3n de servicio (mal funcionamiento)"}], "id": "CVE-2022-40279", "lastModified": "2022-09-30T23:00:19.073", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-29T03:15:15.483", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Samsung/TizenRT/blob/f8f776dd183246ad8890422c1ee5e8f33ab2aaaf/external/wpa_supplicant/src/l2_packet/l2_packet_pcap.c#L181"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/Samsung/TizenRT/issues/5629"}, {"source": "cve@mitre.org", "tags": ["Technical Description", "Third Party Advisory"], "url": "https://linux.die.net/man/3/pcap_dispatch"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-252"}], "source": "nvd@nist.gov", "type": "Primary"}]}