CVE-2022-49942
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-11-14
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | 6.0 |
| linux | linux_kernel | 6.0 |
| linux | linux_kernel | 6.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's wifi mac80211 component. It occurs because the system attempts to finalize a Channel Switch Announcement (CSA) in IBSS (ad-hoc) mode even when the wifi state is disconnected. Since there is no active connection, the BSS list is empty, causing a function (cfg80211_get_bss) to return NULL and triggering a warning (WARN_ON) in the ieee80211_ibss_csa_beacon function. The fix involves checking for an existing connection before generating the CSA beacon to avoid this issue.
How can this vulnerability impact me? :
This vulnerability can cause warnings or errors in the wifi subsystem of the Linux kernel when it tries to perform channel switch operations without an active connection. This could potentially lead to instability or unexpected behavior in wireless networking on affected systems, especially in IBSS mode.