{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49131", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T01:49:39.267Z", "datePublished": "2025-02-26T01:55:06.615Z", "dateUpdated": "2025-02-26T14:25:51.462Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-02-26T14:25:51.462Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: fix kernel panic during unload/load ath11k modules\n\nCall netif_napi_del() from ath11k_ahb_free_ext_irq() to fix\nthe following kernel panic when unload/load ath11k modules\nfor few iterations.\n\n[ 971.201365] Unable to handle kernel paging request at virtual address 6d97a208\n[ 971.204227] pgd = 594c2919\n[ 971.211478] [6d97a208] *pgd=00000000\n[ 971.214120] Internal error: Oops: 5 [#1] PREEMPT SMP ARM\n[ 971.412024] CPU: 2 PID: 4435 Comm: insmod Not tainted 5.4.89 #0\n[ 971.434256] Hardware name: Generic DT based system\n[ 971.440165] PC is at napi_by_id+0x10/0x40\n[ 971.445019] LR is at netif_napi_add+0x160/0x1dc\n\n[ 971.743127] (napi_by_id) from [<807d89a0>] (netif_napi_add+0x160/0x1dc)\n[ 971.751295] (netif_napi_add) from [<7f1209ac>] (ath11k_ahb_config_irq+0xf8/0x414 [ath11k_ahb])\n[ 971.759164] (ath11k_ahb_config_irq [ath11k_ahb]) from [<7f12135c>] (ath11k_ahb_probe+0x40c/0x51c [ath11k_ahb])\n[ 971.768567] (ath11k_ahb_probe [ath11k_ahb]) from [<80666864>] (platform_drv_probe+0x48/0x94)\n[ 971.779670] (platform_drv_probe) from [<80664718>] (really_probe+0x1c8/0x450)\n[ 971.789389] (really_probe) from [<80664cc4>] (driver_probe_device+0x15c/0x1b8)\n[ 971.797547] (driver_probe_device) from [<80664f60>] (device_driver_attach+0x44/0x60)\n[ 971.805795] (device_driver_attach) from [<806650a0>] (__driver_attach+0x124/0x140)\n[ 971.814822] (__driver_attach) from [<80662adc>] (bus_for_each_dev+0x58/0xa4)\n[ 971.823328] (bus_for_each_dev) from [<80663a2c>] (bus_add_driver+0xf0/0x1e8)\n[ 971.831662] (bus_add_driver) from [<806658a4>] (driver_register+0xa8/0xf0)\n[ 971.839822] (driver_register) from [<8030269c>] (do_one_initcall+0x78/0x1ac)\n[ 971.847638] (do_one_initcall) from [<80392524>] (do_init_module+0x54/0x200)\n[ 971.855968] (do_init_module) from [<803945b0>] (load_module+0x1e30/0x1ffc)\n[ 971.864126] (load_module) from [<803948b0>] (sys_init_module+0x134/0x17c)\n[ 971.871852] (sys_init_module) from [<80301000>] (ret_fast_syscall+0x0/0x50)\n\nTested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.6.0.1-00760-QCAHKSWPL_SILICONZ-1"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/ath/ath11k/ahb.c"], "versions": [{"version": "d5c65159f2895379e11ca13f62feabe93278985d", "lessThan": "c6a815f5abdf324108799829dd19ea62fef4bf95", "status": "affected", "versionType": "git"}, {"version": "d5c65159f2895379e11ca13f62feabe93278985d", "lessThan": "c4b7653af62a9a5efe2856183d1f987c5429758b", "status": "affected", "versionType": "git"}, {"version": "d5c65159f2895379e11ca13f62feabe93278985d", "lessThan": "699e8c87e5c406af0f0606f40eeebd248c51b702", "status": "affected", "versionType": "git"}, {"version": "d5c65159f2895379e11ca13f62feabe93278985d", "lessThan": "38e488db194dc16d2eb23c77c6a8c04ff583c40d", "status": "affected", "versionType": "git"}, {"version": "d5c65159f2895379e11ca13f62feabe93278985d", "lessThan": "22b59cb965f79ee1accf83172441c9ca0ecb632a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/ath/ath11k/ahb.c"], "versions": [{"version": "5.6", "status": "affected"}, {"version": "0", "lessThan": "5.6", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.111", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.34", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16.20", "lessThanOrEqual": "5.16.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.3", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/c6a815f5abdf324108799829dd19ea62fef4bf95"}, {"url": "https://git.kernel.org/stable/c/c4b7653af62a9a5efe2856183d1f987c5429758b"}, {"url": "https://git.kernel.org/stable/c/699e8c87e5c406af0f0606f40eeebd248c51b702"}, {"url": "https://git.kernel.org/stable/c/38e488db194dc16d2eb23c77c6a8c04ff583c40d"}, {"url": "https://git.kernel.org/stable/c/22b59cb965f79ee1accf83172441c9ca0ecb632a"}], "title": "ath11k: fix kernel panic during unload/load ath11k modules", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "983DAD06-CBCB-46BF-A9E0-3D277B7474DB", "versionEndExcluding": "5.10.111", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D25878D3-7761-4E9F-8919-E92CD53896E0", "versionEndExcluding": "5.15.34", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ABBBA66E-0244-4621-966B-9790AF1EEB00", "versionEndExcluding": "5.16.20", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE420AC7-1E59-4398-B84F-71F4B4337762", "versionEndExcluding": "5.17.3", "versionStartIncluding": "5.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: fix kernel panic during unload/load ath11k modules\n\nCall netif_napi_del() from ath11k_ahb_free_ext_irq() to fix\nthe following kernel panic when unload/load ath11k modules\nfor few iterations.\n\n[ 971.201365] Unable to handle kernel paging request at virtual address 6d97a208\n[ 971.204227] pgd = 594c2919\n[ 971.211478] [6d97a208] *pgd=00000000\n[ 971.214120] Internal error: Oops: 5 [#1] PREEMPT SMP ARM\n[ 971.412024] CPU: 2 PID: 4435 Comm: insmod Not tainted 5.4.89 #0\n[ 971.434256] Hardware name: Generic DT based system\n[ 971.440165] PC is at napi_by_id+0x10/0x40\n[ 971.445019] LR is at netif_napi_add+0x160/0x1dc\n\n[ 971.743127] (napi_by_id) from [<807d89a0>] (netif_napi_add+0x160/0x1dc)\n[ 971.751295] (netif_napi_add) from [<7f1209ac>] (ath11k_ahb_config_irq+0xf8/0x414 [ath11k_ahb])\n[ 971.759164] (ath11k_ahb_config_irq [ath11k_ahb]) from [<7f12135c>] (ath11k_ahb_probe+0x40c/0x51c [ath11k_ahb])\n[ 971.768567] (ath11k_ahb_probe [ath11k_ahb]) from [<80666864>] (platform_drv_probe+0x48/0x94)\n[ 971.779670] (platform_drv_probe) from [<80664718>] (really_probe+0x1c8/0x450)\n[ 971.789389] (really_probe) from [<80664cc4>] (driver_probe_device+0x15c/0x1b8)\n[ 971.797547] (driver_probe_device) from [<80664f60>] (device_driver_attach+0x44/0x60)\n[ 971.805795] (device_driver_attach) from [<806650a0>] (__driver_attach+0x124/0x140)\n[ 971.814822] (__driver_attach) from [<80662adc>] (bus_for_each_dev+0x58/0xa4)\n[ 971.823328] (bus_for_each_dev) from [<80663a2c>] (bus_add_driver+0xf0/0x1e8)\n[ 971.831662] (bus_add_driver) from [<806658a4>] (driver_register+0xa8/0xf0)\n[ 971.839822] (driver_register) from [<8030269c>] (do_one_initcall+0x78/0x1ac)\n[ 971.847638] (do_one_initcall) from [<80392524>] (do_init_module+0x54/0x200)\n[ 971.855968] (do_init_module) from [<803945b0>] (load_module+0x1e30/0x1ffc)\n[ 971.864126] (load_module) from [<803948b0>] (sys_init_module+0x134/0x17c)\n[ 971.871852] (sys_init_module) from [<80301000>] (ret_fast_syscall+0x0/0x50)\n\nTested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.6.0.1-00760-QCAHKSWPL_SILICONZ-1"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ath11k: corrige el p\u00e1nico del kernel durante la descarga/carga de m\u00f3dulos ath11k Llame a netif_napi_del() desde ath11k_ahb_free_ext_irq() para corregir el siguiente p\u00e1nico del kernel al descargar/cargar m\u00f3dulos ath11k durante algunas iteraciones. [ 971.201365] No se puede manejar la solicitud de paginaci\u00f3n del n\u00facleo en la direcci\u00f3n virtual 6d97a208 [ 971.204227] pgd = 594c2919 [ 971.211478] [6d97a208] *pgd=00000000 [ 971.214120] Error interno: Oops: 5 [#1] PREEMPT SMP ARM [ 971.412024] CPU: 2 PID: 4435 Comm: insmod No contaminado 5.4.89 #0 [ 971.434256] Nombre del hardware: Sistema gen\u00e9rico basado en DT [ 971.440165] La PC est\u00e1 en napi_by_id+0x10/0x40 [ 971.445019] LR est\u00e1 en netif_napi_add+0x160/0x1dc [ 971.743127] (napi_by_id) desde [&lt;807d89a0&gt;] (netif_napi_add+0x160/0x1dc) [ 971.751295] (netif_napi_add) desde [&lt;7f1209ac&gt;] (ath11k_ahb_config_irq+0xf8/0x414 [ath11k_ahb]) [ 971.759164] (ath11k_ahb_config_irq [ath11k_ahb]) desde [&lt;7f12135c&gt;] (ath11k_ahb_probe+0x40c/0x51c [ath11k_ahb]) [ 971.768567] (ath11k_ahb_probe [ath11k_ahb]) desde [&lt;80666864&gt;] (platform_drv_probe+0x48/0x94) [ 971.779670] (platform_drv_probe) desde [&lt;80664718&gt;] (really_probe+0x1c8/0x450) [ 971.789389] (really_probe) desde [&lt;80664cc4&gt;] (driver_probe_device+0x15c/0x1b8) [ 971.797547] (driver_probe_device) desde [&lt;80664f60&gt;] (device_driver_attach+0x44/0x60) [ 971.805795] (device_driver_attach) desde [&lt;806650a0&gt;] (__driver_attach+0x124/0x140) [ 971.814822] (__driver_attach) desde [&lt;80662adc&gt;] (bus_for_each_dev+0x58/0xa4) [ 971.823328] (bus_for_each_dev) desde [&lt;80663a2c&gt;] (bus_add_driver+0xf0/0x1e8) [ 971.831662] (bus_add_driver) desde [&lt;806658a4&gt;] (driver_register+0xa8/0xf0) [ 971.839822] (driver_register) desde [&lt;8030269c&gt;] (do_one_initcall+0x78/0x1ac) [ 971.847638] (do_one_initcall) desde [&lt;80392524&gt;] (do_init_module+0x54/0x200) [ 971.855968] (do_init_module) desde [&lt;803945b0&gt;] (load_module+0x1e30/0x1ffc) [ 971.864126] (load_module) desde [&lt;803948b0&gt;] (sys_init_module+0x134/0x17c) [ 971.871852] (sys_init_module) desde [&lt;80301000&gt;] (ret_fast_syscall+0x0/0x50) Probado en: IPQ8074 hw2.0 AHB WLAN.HK.2.6.0.1-00760-QCAHKSWPL_SILICONZ-1"}], "id": "CVE-2022-49131", "lastModified": "2025-03-13T21:31:46.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-26T07:00:50.393", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/22b59cb965f79ee1accf83172441c9ca0ecb632a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/38e488db194dc16d2eb23c77c6a8c04ff583c40d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/699e8c87e5c406af0f0606f40eeebd248c51b702"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c4b7653af62a9a5efe2856183d1f987c5429758b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c6a815f5abdf324108799829dd19ea62fef4bf95"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ath11k: fix kernel panic during unload/load ath11k modules", "id": "2347824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347824"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-459", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nath11k: fix kernel panic during unload/load ath11k modules\nCall netif_napi_del() from ath11k_ahb_free_ext_irq() to fix\nthe following kernel panic when unload/load ath11k modules\nfor few iterations.\n[ 971.201365] Unable to handle kernel paging request at virtual address 6d97a208\n[ 971.204227] pgd = 594c2919\n[ 971.211478] [6d97a208] *pgd=00000000\n[ 971.214120] Internal error: Oops: 5 [#1] PREEMPT SMP ARM\n[ 971.412024] CPU: 2 PID: 4435 Comm: insmod Not tainted 5.4.89 #0\n[ 971.434256] Hardware name: Generic DT based system\n[ 971.440165] PC is at napi_by_id+0x10/0x40\n[ 971.445019] LR is at netif_napi_add+0x160/0x1dc\n[ 971.743127] (napi_by_id) from [<807d89a0>] (netif_napi_add+0x160/0x1dc)\n[ 971.751295] (netif_napi_add) from [<7f1209ac>] (ath11k_ahb_config_irq+0xf8/0x414 [ath11k_ahb])\n[ 971.759164] (ath11k_ahb_config_irq [ath11k_ahb]) from [<7f12135c>] (ath11k_ahb_probe+0x40c/0x51c [ath11k_ahb])\n[ 971.768567] (ath11k_ahb_probe [ath11k_ahb]) from [<80666864>] (platform_drv_probe+0x48/0x94)\n[ 971.779670] (platform_drv_probe) from [<80664718>] (really_probe+0x1c8/0x450)\n[ 971.789389] (really_probe) from [<80664cc4>] (driver_probe_device+0x15c/0x1b8)\n[ 971.797547] (driver_probe_device) from [<80664f60>] (device_driver_attach+0x44/0x60)\n[ 971.805795] (device_driver_attach) from [<806650a0>] (__driver_attach+0x124/0x140)\n[ 971.814822] (__driver_attach) from [<80662adc>] (bus_for_each_dev+0x58/0xa4)\n[ 971.823328] (bus_for_each_dev) from [<80663a2c>] (bus_add_driver+0xf0/0x1e8)\n[ 971.831662] (bus_add_driver) from [<806658a4>] (driver_register+0xa8/0xf0)\n[ 971.839822] (driver_register) from [<8030269c>] (do_one_initcall+0x78/0x1ac)\n[ 971.847638] (do_one_initcall) from [<80392524>] (do_init_module+0x54/0x200)\n[ 971.855968] (do_init_module) from [<803945b0>] (load_module+0x1e30/0x1ffc)\n[ 971.864126] (load_module) from [<803948b0>] (sys_init_module+0x134/0x17c)\n[ 971.871852] (sys_init_module) from [<80301000>] (ret_fast_syscall+0x0/0x50)\nTested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.6.0.1-00760-QCAHKSWPL_SILICONZ-1"], "name": "CVE-2022-49131", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49131\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49131\nhttps://lore.kernel.org/linux-cve-announce/2025022605-CVE-2022-49131-584c@gregkh/T"], "threat_severity": "Moderate"}