PT-2025-8472 · Linux+4 · Linux Kernel+4

Published: 2022-01-01 · Updated: 2026-05-26 · CVE-2022-49539

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A vulnerability in the rtw89 module of the Linux kernel has been resolved. The CAM (address CAM and bssid CAM) leaks during L2 reset and during the ieee80211_restart_hw() call. In the normal flow, leaks occur after L2 reset if a non-sec connection is present, and the ieee80211_restart_hw() flow causes additional leaks. The fix releases CAM before HW restart, regardless of the connection type, and checks whether CAM is already valid to avoid acquiring it multiple times.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Resource Release

Memory Leak

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
BDU:2026-03895
CESA-2023_2951
CVE-2022-49539
RHSA-2023:2458
RHSA-2023:2951
RHSA-2023_2458
RHSA-2023_2951

Affected Products

Astra Linux
CentOS
Debian
Linux Kernel
Red Hat