Input validation error in Linux kernel mac80211



| Updated: 2025-05-12
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-49022
CWE-ID CWE-20
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU99200

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49022

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ieee80211_get_rate_duration() function in net/mac80211/airtime.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.10 - 6.1 rc7

CPE2.3 External links

https://git.kernel.org/stable/c/0184ede0ec61b9cd075babfaa45081b1bf322234
https://git.kernel.org/stable/c/59b54f0563b6546c94bdb6823d3b382c75407019
https://git.kernel.org/stable/c/f0fcad4c7201ecfaa17357f4ce0c50b4708df22d
https://git.kernel.org/stable/c/3e8f7abcc3473bc9603323803aeaed4ffcc3a2ab
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.158
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.82
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.12
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###