CVE-2022-48875

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc8-wt+

Description The issue is related to the ieee80211 tx ba session handle start() function in the mac80211 component of the Linux kernel. When a deauthentication is ongoing, this function may receive a NULL value for sdata, leading to a potential denial-of-service condition. The vulnerability can be triggered by a race condition with the hostapd test multi ap fronthaul on ap. Technical details about the exploitation include the drv ampdu action function and the get bss sdata function, which may return NULL for sdata. The ieee80211 tx ba session handle start() function is called with a potentially NULL sdata value, causing the issue.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, versions prior to 6.1.0-rc8-wt+ are affected. As a temporary workaround, consider disabling the ieee80211 tx ba session handle start() function until a patch is available. However, this may have unintended consequences on the system's functionality. At the moment, there is no information about a newer version that contains a fix for this vulnerability.