#VU104633 NULL pointer dereference in Linux kernel - CVE-2022-49130

Cybersecurity Help s.r.o.

Published: 2025-02-26 | Updated: 2025-05-11

Vulnerability identifier: #VU104633

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49130

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ath11k_mhi_set_state() function in drivers/net/wireless/ath/ath11k/mhi.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.17, 5.17 rc1, 5.17 rc2, 5.17 rc3, 5.17 rc4, 5.17 rc5, 5.17 rc6, 5.17 rc7, 5.17 rc8, 5.17 rc9, 5.17 rc12, 5.17.1, 5.17.2

External links
https://git.kernel.org/stable/c/20d01a11efde2e05e47d5c66101f5c26eaca68e2
https://git.kernel.org/stable/c/339bd0b55ecdd0f7f341e9357c4cfde799de9418
https://git.kernel.org/stable/c/3df6d74aedfdca919cca475d15dfdbc8b05c9e5d
https://git.kernel.org/stable/c/3fd7d50384c3808b7f7fa135aa9bb5feb1cb9849
https://git.kernel.org/stable/c/646d533af2911be1184eaee8c900b7eb8ecc4396
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17.3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

NULL pointer dereference in Linux kernel ath ath11k driver