{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49500", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:08:31.586Z", "datePublished": "2025-02-26T02:13:34.223Z", "dateUpdated": "2025-05-04T08:39:16.013Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:39:16.013Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwl1251: dynamically allocate memory used for DMA\n\nWith introduction of vmap'ed stacks, stack parameters can no\nlonger be used for DMA and now leads to kernel panic.\n\nIt happens at several places for the wl1251 (e.g. when\naccessed through SDIO) making it unuseable on e.g. the\nOpenPandora.\n\nWe solve this by allocating temporary buffers or use wl1251_read32().\n\nTested on v5.18-rc5 with OpenPandora."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/ti/wl1251/event.c", "drivers/net/wireless/ti/wl1251/io.c", "drivers/net/wireless/ti/wl1251/tx.c"], "versions": [{"version": "a1c510d0adc604bb143c86052bc5be48cbcfa17c", "lessThan": "da03bbfbf5acd1ab0b074617e865ad1e8a5779ef", "status": "affected", "versionType": "git"}, {"version": "a1c510d0adc604bb143c86052bc5be48cbcfa17c", "lessThan": "454744754cbf2c21b3fc7344e46e10bee2768094", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/ti/wl1251/event.c", "drivers/net/wireless/ti/wl1251/io.c", "drivers/net/wireless/ti/wl1251/tx.c"], "versions": [{"version": "5.18", "status": "affected"}, {"version": "0", "lessThan": "5.18", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.3", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18", "versionEndExcluding": "5.18.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.18", "versionEndExcluding": "5.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/da03bbfbf5acd1ab0b074617e865ad1e8a5779ef"}, {"url": "https://git.kernel.org/stable/c/454744754cbf2c21b3fc7344e46e10bee2768094"}], "title": "wl1251: dynamically allocate memory used for DMA", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E122216-2E9E-4B3E-B7B8-D575A45BA3C2", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.18", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwl1251: dynamically allocate memory used for DMA\n\nWith introduction of vmap'ed stacks, stack parameters can no\nlonger be used for DMA and now leads to kernel panic.\n\nIt happens at several places for the wl1251 (e.g. when\naccessed through SDIO) making it unuseable on e.g. the\nOpenPandora.\n\nWe solve this by allocating temporary buffers or use wl1251_read32().\n\nTested on v5.18-rc5 with OpenPandora."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wl1251: asignar din\u00e1micamente memoria utilizada para DMA Con la introducci\u00f3n de pilas vmap'ed, los par\u00e1metros de pila ya no se pueden utilizar para DMA y ahora provoca un p\u00e1nico del kernel. Sucede en varios lugares para wl1251 (por ejemplo, cuando se accede a trav\u00e9s de SDIO), lo que lo hace inutilizable en, por ejemplo, OpenPandora. Solucionamos esto asignando b\u00faferes temporales o utilizando wl1251_read32(). Probado en v5.18-rc5 con OpenPandora."}], "id": "CVE-2022-49500", "lastModified": "2025-10-22T17:16:27.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:01:26.163", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/454744754cbf2c21b3fc7344e46e10bee2768094"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/da03bbfbf5acd1ab0b074617e865ad1e8a5779ef"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: wl1251: dynamically allocate memory used for DMA", "id": "2348121", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348121"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nwl1251: dynamically allocate memory used for DMA\nWith introduction of vmap'ed stacks, stack parameters can no\nlonger be used for DMA and now leads to kernel panic.\nIt happens at several places for the wl1251 (e.g. when\naccessed through SDIO) making it unuseable on e.g. the\nOpenPandora.\nWe solve this by allocating temporary buffers or use wl1251_read32().\nTested on v5.18-rc5 with OpenPandora."], "name": "CVE-2022-49500", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49500\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49500\nhttps://lore.kernel.org/linux-cve-announce/2025022607-CVE-2022-49500-2b04@gregkh/T"], "threat_severity": "Moderate"}