CVE-2022-49130: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, CVE-2022-49130 affects the ath11k wireless driver. The vulnerability was discovered when ath11k would crash during 'rmmod ath11kpci' if the amss.bin firmware file was missing. This occurred because the driver was using mhiasyncpowerup() which does not check for errors, instead of mhisyncpower_up() which properly validates error conditions (Kernel Git).

The vulnerability exists in the MHI (Modem Host Interface) power management code of the ath11k driver. The issue stems from using mhiasyncpower_up() which does not perform error checking, leading to potential null pointer dereferences. The crash manifests as a general protection fault at address 0xdffffc0000000000, with KASAN reporting a null-ptr-deref in the range [0x0000000000000000-0x0000000000000007] (Kernel Git).

When exploited, this vulnerability can cause a kernel crash (denial of service) when attempting to remove the ath11k_pci module if the required firmware file is missing. This affects system stability and availability (Kernel Git).

The fix involves replacing the call to mhiasyncpowerup() with mhisyncpowerup() in the ath11k driver's MHI state management code. This ensures proper error checking during the power-up sequence. The fix has been implemented in the Linux kernel (Kernel Git).