CVE-2022-49112

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been identified, specifically in the mt76 and mt7921s drivers. The issue arises when the mt7921s driver receives frames with fragment buffers in monitor mode. If a CTS packet is received, the payload is only 10 bytes, and 6 bytes of header padding are required after the RXD buffer. However, if the buffer size is pulled with skb pull(), it may trigger a BUG ON(skb->len < skb->data len) error in skb pull(). To resolve this, the RXD size has been enlarged from 128 to 256 bytes to ensure all MCU operations occur within the linear buffer.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the mt76 and mt7921s drivers, which enlarges the RXD size from 128 to 256 bytes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.