CVE-2022-49130

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49130
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49130.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49130
Downstream
Related
Published
2025-02-26T01:55:06.124Z
Modified
2025-11-19T13:49:06.917974Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
ath11k: mhi: use mhi_sync_power_up()
Details

In the Linux kernel, the following vulnerability has been resolved:

ath11k: mhi: use mhisyncpower_up()

If amss.bin was missing ath11k would crash during 'rmmod ath11kpci'. The reason for that was that we were using mhiasyncpowerup() which does not check any errors. But mhisyncpower_up() on the other hand does check for errors so let's use that to fix the crash.

I was not able to find a reason why an async version was used. ath11kmhistart() (which enables state ATH11KMHIPOWERON) is called from ath11khifpowerup(), which can sleep. So sync version should be safe to use here.

[ 145.569731] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP DEBUGPAGEALLOC KASAN PTI [ 145.569789] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 145.569843] CPU: 2 PID: 1628 Comm: rmmod Kdump: loaded Tainted: G W 5.16.0-wt-ath+ #567 [ 145.569898] Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021 [ 145.569956] RIP: 0010:ath11khalsrngaccessbegin+0xb5/0x2b0 [ath11k] [ 145.570028] Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 ec 01 00 00 48 8b ab a8 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 <0f> b6 14 02 48 89 e8 83 e0 07 83 c0 03 45 85 ed 75 48 38 d0 7c 08 [ 145.570089] RSP: 0018:ffffc900025d7ac0 EFLAGS: 00010246 [ 145.570144] RAX: dffffc0000000000 RBX: ffff88814fca2dd8 RCX: 1ffffffff50cb455 [ 145.570196] RDX: 0000000000000000 RSI: ffff88814fca2dd8 RDI: ffff88814fca2e80 [ 145.570252] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffffa8659497 [ 145.570329] R10: fffffbfff50cb292 R11: 0000000000000001 R12: ffff88814fca0000 [ 145.570410] R13: 0000000000000000 R14: ffff88814fca2798 R15: ffff88814fca2dd8 [ 145.570465] FS: 00007fa399988540(0000) GS:ffff888233e00000(0000) knlGS:0000000000000000 [ 145.570519] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.570571] CR2: 00007fa399b51421 CR3: 0000000137898002 CR4: 00000000003706e0 [ 145.570623] Call Trace: [ 145.570675] <TASK> [ 145.570727] ? ath11kcetxprocesscb+0x34b/0x860 [ath11k] [ 145.570797] ath11kcetxprocesscb+0x356/0x860 [ath11k] [ 145.570864] ? taskletinit+0x150/0x150 [ 145.570919] ? ath11kceallocpipes+0x280/0x280 [ath11k] [ 145.570986] ? taskletclearsched+0x42/0xe0 [ 145.571042] ? taskletkill+0xe9/0x1b0 [ 145.571095] ? taskletclearsched+0xe0/0xe0 [ 145.571148] ? irqhasaction+0x120/0x120 [ 145.571202] ath11kcecleanuppipes+0x45a/0x580 [ath11k] [ 145.571270] ? ath11kpcistop+0x10e/0x170 [ath11kpci] [ 145.571345] ath11kcorestop+0x8a/0xc0 [ath11k] [ 145.571434] ath11kcoredeinit+0x9e/0x150 [ath11k] [ 145.571499] ath11kpciremove+0xd2/0x260 [ath11kpci] [ 145.571553] pcideviceremove+0x9a/0x1c0 [ 145.571605] _devicereleasedriver+0x332/0x660 [ 145.571659] driverdetach+0x1e7/0x2c0 [ 145.571712] busremovedriver+0xe2/0x2d0 [ 145.571772] pciunregisterdriver+0x21/0x250 [ 145.571826] _dosysdeletemodule+0x30a/0x4b0 [ 145.571879] ? freemodule+0xac0/0xac0 [ 145.571933] ? lockdephardirqsonprepare.part.0+0x18c/0x370 [ 145.571986] ? syscallenterfromusermode+0x1d/0x50 [ 145.572039] ? lockdephardirqson+0x79/0x100 [ 145.572097] dosyscall64+0x3b/0x90 [ 145.572153] entrySYSCALL64after_hwframe+0x44/0xae

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03003-QCAHSPSWPLV1V2SILICONZLITE-2

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d5c65159f2895379e11ca13f62feabe93278985d
Fixed
339bd0b55ecdd0f7f341e9357c4cfde799de9418
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d5c65159f2895379e11ca13f62feabe93278985d
Fixed
20d01a11efde2e05e47d5c66101f5c26eaca68e2
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d5c65159f2895379e11ca13f62feabe93278985d
Fixed
3fd7d50384c3808b7f7fa135aa9bb5feb1cb9849
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d5c65159f2895379e11ca13f62feabe93278985d
Fixed
646d533af2911be1184eaee8c900b7eb8ecc4396
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d5c65159f2895379e11ca13f62feabe93278985d
Fixed
3df6d74aedfdca919cca475d15dfdbc8b05c9e5d

Affected versions

v5.*

v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.10.1
v5.10.10
v5.10.100
v5.10.101
v5.10.102
v5.10.103
v5.10.104
v5.10.105
v5.10.106
v5.10.107
v5.10.108
v5.10.109
v5.10.11
v5.10.110
v5.10.12
v5.10.13
v5.10.14
v5.10.15
v5.10.16
v5.10.17
v5.10.18
v5.10.19
v5.10.2
v5.10.20
v5.10.21
v5.10.22
v5.10.23
v5.10.24
v5.10.25
v5.10.26
v5.10.27
v5.10.28
v5.10.29
v5.10.3
v5.10.30
v5.10.31
v5.10.32
v5.10.33
v5.10.34
v5.10.35
v5.10.36
v5.10.37
v5.10.38
v5.10.39
v5.10.4
v5.10.40
v5.10.41
v5.10.42
v5.10.43
v5.10.44
v5.10.45
v5.10.46
v5.10.47
v5.10.48
v5.10.49
v5.10.5
v5.10.50
v5.10.51
v5.10.52
v5.10.53
v5.10.54
v5.10.55
v5.10.56
v5.10.57
v5.10.58
v5.10.59
v5.10.6
v5.10.60
v5.10.61
v5.10.62
v5.10.63
v5.10.64
v5.10.65
v5.10.66
v5.10.67
v5.10.68
v5.10.69
v5.10.7
v5.10.70
v5.10.71
v5.10.72
v5.10.73
v5.10.74
v5.10.75
v5.10.76
v5.10.77
v5.10.78
v5.10.79
v5.10.8
v5.10.80
v5.10.81
v5.10.82
v5.10.83
v5.10.84
v5.10.85
v5.10.86
v5.10.87
v5.10.88
v5.10.89
v5.10.9
v5.10.90
v5.10.91
v5.10.92
v5.10.93
v5.10.94
v5.10.95
v5.10.96
v5.10.97
v5.10.98
v5.10.99
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.3
v5.15.30
v5.15.31
v5.15.32
v5.15.33
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.10
v5.16.11
v5.16.12
v5.16.13
v5.16.14
v5.16.15
v5.16.16
v5.16.17
v5.16.18
v5.16.19
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.16.8
v5.16.9
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.17.2
v5.4
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

Database specific

vanir_signatures

[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "99650651091335185970978349688438669372",
                "165134830016523631581750540413906288346",
                "246828005825704649316053066351837474046",
                "305278633707364333268967525321403146055"
            ]
        },
        "target": {
            "file": "drivers/net/wireless/ath/ath11k/mhi.c"
        },
        "id": "CVE-2022-49130-6a983452",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3df6d74aedfdca919cca475d15dfdbc8b05c9e5d",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "99650651091335185970978349688438669372",
                "165134830016523631581750540413906288346",
                "246828005825704649316053066351837474046",
                "305278633707364333268967525321403146055"
            ]
        },
        "target": {
            "file": "drivers/net/wireless/ath/ath11k/mhi.c"
        },
        "id": "CVE-2022-49130-82b99b5c",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@646d533af2911be1184eaee8c900b7eb8ecc4396",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "99650651091335185970978349688438669372",
                "165134830016523631581750540413906288346",
                "246828005825704649316053066351837474046",
                "305278633707364333268967525321403146055"
            ]
        },
        "target": {
            "file": "drivers/net/wireless/ath/ath11k/mhi.c"
        },
        "id": "CVE-2022-49130-a1fce2ac",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@20d01a11efde2e05e47d5c66101f5c26eaca68e2",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "99650651091335185970978349688438669372",
                "165134830016523631581750540413906288346",
                "246828005825704649316053066351837474046",
                "305278633707364333268967525321403146055"
            ]
        },
        "target": {
            "file": "drivers/net/wireless/ath/ath11k/mhi.c"
        },
        "id": "CVE-2022-49130-a620c6c6",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3fd7d50384c3808b7f7fa135aa9bb5feb1cb9849",
        "signature_version": "v1",
        "deprecated": false
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "99650651091335185970978349688438669372",
                "165134830016523631581750540413906288346",
                "246828005825704649316053066351837474046",
                "305278633707364333268967525321403146055"
            ]
        },
        "target": {
            "file": "drivers/net/wireless/ath/ath11k/mhi.c"
        },
        "id": "CVE-2022-49130-b0bc262c",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@339bd0b55ecdd0f7f341e9357c4cfde799de9418",
        "signature_version": "v1",
        "deprecated": false
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.6.0
Fixed
5.10.111
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.34
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.16.20
Type
ECOSYSTEM
Events
Introduced
5.17.0
Fixed
5.17.3