CVE-2022-49500

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49500
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49500.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49500
Published
2025-02-26T02:13:34Z
Modified
2025-10-21T10:06:28.262583Z
Summary
wl1251: dynamically allocate memory used for DMA
Details

In the Linux kernel, the following vulnerability has been resolved:

wl1251: dynamically allocate memory used for DMA

With the introduction of vmap'ed stacks, stack parameters can no longer be used for DMA, and doing so now leads to a kernel panic.

It happens at several places for the wl1251 (e.g. when accessed through SDIO), making it unusable on e.g. the OpenPandora.

We solve this by allocating temporary buffers or using wl1251_read32().

Tested on v5.18-rc5 with OpenPandora.

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a1c510d0adc604bb143c86052bc5be48cbcfa17c
Fixed
da03bbfbf5acd1ab0b074617e865ad1e8a5779ef
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a1c510d0adc604bb143c86052bc5be48cbcfa17c
Fixed
454744754cbf2c21b3fc7344e46e10bee2768094

Affected versions

v5.*

v5.16
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.2

Database specific

vanir_signatures

[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da03bbfbf5acd1ab0b074617e865ad1e8a5779ef",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "wl1251_tx_complete",
            "file": "drivers/net/wireless/ti/wl1251/tx.c"
        },
        "id": "CVE-2022-49500-0af26940",
        "signature_type": "Function",
        "digest": {
            "length": 1870.0,
            "function_hash": "321838346720718374325722610064152473191"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@454744754cbf2c21b3fc7344e46e10bee2768094",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "wl1251_set_partition",
            "file": "drivers/net/wireless/ti/wl1251/io.c"
        },
        "id": "CVE-2022-49500-13d596ab",
        "signature_type": "Function",
        "digest": {
            "length": 1638.0,
            "function_hash": "308780878017236884772179076229756490888"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da03bbfbf5acd1ab0b074617e865ad1e8a5779ef",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/net/wireless/ti/wl1251/io.c"
        },
        "id": "CVE-2022-49500-14fb88ae",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da03bbfbf5acd1ab0b074617e865ad1e8a5779ef",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/net/wireless/ti/wl1251/event.c"
        },
        "id": "CVE-2022-49500-3d588a34",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@454744754cbf2c21b3fc7344e46e10bee2768094",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/net/wireless/ti/wl1251/tx.c"
        },
        "id": "CVE-2022-49500-4d759cc8",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da03bbfbf5acd1ab0b074617e865ad1e8a5779ef",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "wl1251_event_handle",
            "file": "drivers/net/wireless/ti/wl1251/event.c"
        },
        "id": "CVE-2022-49500-57ef2c1b",
        "signature_type": "Function",
        "digest": {
            "length": 385.0,
            "function_hash": "308356347334082199054324996987710967920"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da03bbfbf5acd1ab0b074617e865ad1e8a5779ef",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/net/wireless/ti/wl1251/tx.c"
        },
        "id": "CVE-2022-49500-7b5e1ae9",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@454744754cbf2c21b3fc7344e46e10bee2768094",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/net/wireless/ti/wl1251/io.c"
        },
        "id": "CVE-2022-49500-88a0d5f7",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da03bbfbf5acd1ab0b074617e865ad1e8a5779ef",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "wl1251_event_wait",
            "file": "drivers/net/wireless/ti/wl1251/event.c"
        },
        "id": "CVE-2022-49500-a8992c0a",
        "signature_type": "Function",
        "digest": {
            "length": 433.0,
            "function_hash": "14952006542386991384571341291373940321"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@454744754cbf2c21b3fc7344e46e10bee2768094",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/net/wireless/ti/wl1251/event.c"
        },
        "id": "CVE-2022-49500-b237a146",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@454744754cbf2c21b3fc7344e46e10bee2768094",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "wl1251_event_handle",
            "file": "drivers/net/wireless/ti/wl1251/event.c"
        },
        "id": "CVE-2022-49500-b8ea048f",
        "signature_type": "Function",
        "digest": {
            "length": 385.0,
            "function_hash": "308356347334082199054324996987710967920"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@454744754cbf2c21b3fc7344e46e10bee2768094",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "wl1251_event_wait",
            "file": "drivers/net/wireless/ti/wl1251/event.c"
        },
        "id": "CVE-2022-49500-c1a1f332",
        "signature_type": "Function",
        "digest": {
            "length": 433.0,
            "function_hash": "14952006542386991384571341291373940321"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@da03bbfbf5acd1ab0b074617e865ad1e8a5779ef",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "wl1251_set_partition",
            "file": "drivers/net/wireless/ti/wl1251/io.c"
        },
        "id": "CVE-2022-49500-d562a46b",
        "signature_type": "Function",
        "digest": {
            "length": 1638.0,
            "function_hash": "308780878017236884772179076229756490888"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@454744754cbf2c21b3fc7344e46e10bee2768094",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "wl1251_tx_complete",
            "file": "drivers/net/wireless/ti/wl1251/tx.c"
        },
        "id": "CVE-2022-49500-ecf13756",
        "signature_type": "Function",
        "digest": {
            "length": 1870.0,
            "function_hash": "321838346720718374325722610064152473191"
        }
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.18.0
Fixed
5.18.3