Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-50361
CVE-2022-50361:
Linux Kernel vulnerability analysis and mitigation
Overview
In the Linux kernel, a vulnerability (CVE-2022-50361) was identified related to missing unregister_netdev() in wilc_netdev_ifc_init(). The issue was discovered through fault injection testing that revealed a kernel BUG at net/core/dev.c:10731 (NVD).
Technical details
The root cause of this vulnerability is that when alloc_ordered_workqueue() fails, neither cfg80211_unregister_netdevice() nor unregister_netdev() is called in the error handling path. This leads to a kernel bug that manifests as an invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI, as demonstrated in the call trace through wilc_netdev_ifc_init, wilc_cfg80211_init, and wilc_bus_probe functions (NVD).
Impact
The vulnerability affects the Linux kernel's networking subsystem, specifically the wilc1000 WiFi driver. When triggered, it can cause a kernel panic, potentially leading to system instability or denial of service (Ubuntu).
Mitigation and workarounds
The fix involves adding an unregister_netdev goto label to implement the unregister operation in the error handling path. This ensures proper cleanup when allocation failures occur (NVD).
Additional resources
Source: This report was generated using AI
Related Linux Kernel vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management