CVE-2022-50279: 
Linux Kernel vulnerability analysis and mitigation

A global-out-of-bounds vulnerability was discovered in the Linux kernel's rtlwifi driver, specifically in the _rtl8812ae_phy_set_txpower_limit() function. The vulnerability was identified and tracked as CVE-2022-50279. The issue affects the Linux kernel's WiFi subsystem, particularly the RTL8812AE wireless network adapter driver (NVD).

The vulnerability stems from an incorrect comparison order of 'prate_section' in the _rtl8812ae_phy_set_txpower_limit() function. The _rtl8812ae_eq_n_byte() function compares the first n bytes of two strings from tail to head, which leads to an out-of-bounds access when 'prate_section' is 'HT'. The issue was introduced when the driver was moved from staging to the regular tree and the txpower limit function was added during the driver config phase (NVD).

When exploited, this vulnerability can cause a global-out-of-bounds read of size 1, potentially leading to a system crash or denial of service. The issue was detected by KASAN (Kernel Address Sanitizer) during system operation (NVD).

The vulnerability was fixed by removing the _rtl8812ae_eq_n_byte() function and replacing it with strcmp(). While adjusting the comparison order of 'prate_section' could have been an alternative fix, this approach was not chosen as it might cause the value of 'rate_section' to fall outside the expected range of 0 to 5 (NVD).