PT-2024-11882 · Linux +5 · Linux Kernel +5

Published

2022-11-25

·

Updated

2025-02-13

·

CVE-2022-49022

Report an issue
CVSS v3.1
7.8
VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

Linux kernel versions prior to 6.1.0-060100rc3-generic

Description:

The issue is related to a possible out-of-bound access in the `ieee80211 get rate duration` routine. This was reported by a UBSAN (Undefined Behavior Sanitizer) report, which indicated an array-index-out-of-bounds error in the `net/mac80211/airtime.c` file. The error occurred because an index of 15 was out of range for a type 'u16 [12]'. The vulnerability is related to the wifi and mac8021 components of the Linux kernel.

Recommendations:

For Linux kernel versions prior to 6.1.0-060100rc3-generic, consider updating to a newer version that includes the fix for the out-of-bound access issue in the `ieee80211 get rate duration` routine. As a temporary workaround, consider restricting access to the vulnerable wifi and mac8021 components until a patch is available.

Exploit

Fix

Improper Validation of Array Index

Weakness Enumeration

CWE-129

Related Identifiers

ALT-PU-2023-1066
BDU:2025-07471
CVE-2022-49022
OPENSUSE-SU-2024_3983-1
OPENSUSE-SU-2024_3985-1
OPENSUSE-SU-2024_4131-1
OPENSUSE-SU-2024_4313-1
RHSA-2023:2458
RHSA-2023_2458
SUSE-SU-2024:3983-1
SUSE-SU-2024:3985-1
SUSE-SU-2024:4082-1
SUSE-SU-2024:4131-1
SUSE-SU-2024:4313-1
SUSE-SU-2024:4317-1
SUSE-SU-2024:4364-1

Affected Products

Alt Linux
Astra Linux
Linux Kernel
Red Hat
Red Os
Suse