Alpine: multiple linux-lts packages: security update to 5.15.74-r0

high Tenable Self-Hosted Container Security Plugin ID 424114

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could
cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c. (CVE-2022-41674)

- A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through
5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and
potentially execute code. (CVE-2022-42719)

- Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through
5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-
free conditions to potentially execute code. (CVE-2022-42720)

- A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before
5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in
turn, potentially execute code. (CVE-2022-42721)

- In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the
mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon
protection of P2P devices. (CVE-2022-42722)

See Also

https://security.alpinelinux.org/vuln/CVE-2022-41674

https://security.alpinelinux.org/vuln/CVE-2022-42719

https://security.alpinelinux.org/vuln/CVE-2022-42720

https://security.alpinelinux.org/vuln/CVE-2022-42721

https://security.alpinelinux.org/vuln/CVE-2022-42722

Plugin Details

Severity: High

ID: 424114

Version: Revision 1.10

Type: Local

Published: 4/4/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

Percentile: 97.35

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-42719

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722