Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-49112
CVE-2022-49112:
Linux Kernel vulnerability analysis and mitigation
Overview
CVE-2022-49112 is a vulnerability in the Linux kernel affecting the mt7921s driver component. The vulnerability was discovered in 2022 and relates to monitor mode functionality in the SDIO driver.
Technical details
The vulnerability occurs when the mt7921s driver receives frames with fragment buffers in monitor mode. Specifically, when a CTS packet is received in monitor mode with a 10-byte payload requiring 6 bytes of header padding after the RXD buffer, an issue arises because only RXD exists in the first linear buffer. When attempting to pull buffer size RXD-size+6 bytes with skbpull(), it triggers a 'BUGON(skb->len < skb->datalen)' condition in _skb_pull() (Linux Kernel).
Impact
The vulnerability can cause a kernel crash when using monitor mode with the mt7921s SDIO driver, potentially leading to system instability and denial of service conditions.
Mitigation and workarounds
The fix involves enlarging the RXD size from 128 to 256 bytes to ensure all MCU operations remain in the linear buffer, preventing the nonlinear buffer issue. This was implemented through a patch to the Linux kernel (Linux Kernel).
Additional resources
Source: This report was generated using AI
Related Linux Kernel vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management