CVE-2022-50701

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc5

Description The Linux kernel contains a flaw within the mt76 and mt7921s components related to SDIO host handling. Insufficient tailroom allocation for skb structures can lead to out-of-bounds memory access during bus operations. Specifically, the issue arises when the SDIO interface requires additional bytes for alignment, and the skb does not have sufficient space. This can result in a slab-out-of-bounds read, potentially leading to system instability or other undefined behavior. The issue is triggered during low-level operations and involves functions such as sg copy buffer, memcpy, and mt76 mcu send and get msg. The mt7921 run firmware function is also implicated in the call trace.

Recommendations Update to a version of the Linux kernel that contains a fix for this vulnerability.