Linux · Linux Kernel · CVE-2022-49533
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
A buffer overflow issue exists in the Linux kernel, specifically in the ath11k driver. The scan req params structure can hold a maximum of 10 SSIDs, but the driver reports a capacity of 16 SSIDs, leading to a potential buffer overflow when copying SSIDs into the structure. This issue can be triggered from wpa supplicant in userspace. The firmware supports up to 64 probe requests, with 16 SSIDs and 4 BSSIDs each.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.