CVE-2022-49533
- Source
- https://cve.org/CVERecord?id=CVE-2022-49533
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49533.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-49533
- Downstream
- Related
- Published
- 2025-02-26T02:13:52.495Z
- Modified
- 2026-04-02T08:27:41.128261Z
- Summary
- ath11k: Change max no of active probe SSID and BSSID to fw capability
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ath11k: Change max no of active probe SSID and BSSID to fw capability
The maximum number of SSIDs in a for active probe requests is currently reported as 16 (WLANSCANPARAMSMAXSSID) when registering the driver. The scanreqparams structure only has the capacity to hold 10 SSIDs. This leads to a buffer overflow which can be triggered from wpasupplicant in userspace. When copying the SSIDs into the scanreqparams structure in the ath11kmacophw_scan route, it can overwrite the extraie pointer.
Firmware supports 16 ssid * 4 bssid, for each ssid 4 bssid combo probe request will be sent, so totally 64 probe requests supported. So set both max ssid and bssid to 16 and 4 respectively. Remove the redundant macros of ssid and bssid.
Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01300-QCAHKSWPL_SILICONZ-1
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49533.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/210505788f1d243232e21ef660efcd4838890ce8
- https://git.kernel.org/stable/c/50dc9ce9f80554a88e33b73c30851acf2be36ed3
- https://git.kernel.org/stable/c/ec5dfa1d66f2f71a48dab027d26a9fa78eb0f58f
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49533.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-49533
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git