CVE-2022-49500

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49500

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49500.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-49500

Downstream

DEBIAN-CVE-2022-49500

UBUNTU-CVE-2022-49500

Published

2025-02-26T02:13:34Z

Modified

2025-10-13T17:37:52.278551Z

Summary

wl1251: dynamically allocate memory used for DMA

Details

In the Linux kernel, the following vulnerability has been resolved:

wl1251: dynamically allocate memory used for DMA

With introduction of vmap'ed stacks, stack parameters can no longer be used for DMA and now leads to kernel panic.

It happens at several places for the wl1251 (e.g. when accessed through SDIO) making it unuseable on e.g. the OpenPandora.

We solve this by allocating temporary buffers or use wl1251_read32().

Tested on v5.18-rc5 with OpenPandora.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a1c510d0adc604bb143c86052bc5be48cbcfa17c

Fixed

da03bbfbf5acd1ab0b074617e865ad1e8a5779ef

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a1c510d0adc604bb143c86052bc5be48cbcfa17c

Fixed

454744754cbf2c21b3fc7344e46e10bee2768094

Affected versions

v5.*

v5.16

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.18.1

v5.18.2

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.18.0

Fixed

5.18.3