CVE-2022-49131 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
ath11k: fix kernel panic during unload/load ath11k modules
Call netif_napi_del() from ath11k_ahb_free_ext_irq() to fix the following kernel panic when unloading/loading the ath11k modules for a few iterations.
[ 971.201365] Unable to handle kernel paging request at virtual address 6d97a208
[ 971.204227] pgd = 594c2919
[ 971.211478] [6d97a208] *pgd=00000000
[ 971.214120] Internal error: Oops: 5 [#1] PREEMPT SMP ARM
[ 971.412024] CPU: 2 PID: 4435 Comm: insmod Not tainted 5.4.89 #0
[ 971.434256] Hardware name: Generic DT based system
[ 971.440165] PC is at napi_by_id+0x10/0x40
[ 971.445019] LR is at netif_napi_add+0x160/0x1dc
[ 971.743127] (napi_by_id) from [] (netif_napi_add+0x160/0x1dc)
[ 971.751295] (netif_napi_add) from [] (ath11k_ahb_config_irq+0xf8/0x414 [ath11k_ahb])
[ 971.759164] (ath11k_ahb_config_irq [ath11k_ahb]) from [] (ath11k_ahb_probe+0x40c/0x51c [ath11k_ahb])
[ 971.768567] (ath11k_ahb_probe [ath11k_ahb]) from [] (platform_drv_probe+0x48/0x94)
[ 971.779670] (platform_drv_probe) from [] (really_probe+0x1c8/0x450)
[ 971.789389] (really_probe) from [] (driver_probe_device+0x15c/0x1b8)
[ 971.797547] (driver_probe_device) from [] (device_driver_attach+0x44/0x60)
[ 971.805795] (device_driver_attach) from [] (__driver_attach+0x124/0x140)
[ 971.814822] (__driver_attach) from [] (bus_for_each_dev+0x58/0xa4)
[ 971.823328] (bus_for_each_dev) from [] (bus_add_driver+0xf0/0x1e8)
[ 971.831662] (bus_add_driver) from [] (driver_register+0xa8/0xf0)
[ 971.839822] (driver_register) from [] (do_one_initcall+0x78/0x1ac)
[ 971.847638] (do_one_initcall) from [] (do_init_module+0x54/0x200)
[ 971.855968] (do_init_module) from [] (load_module+0x1e30/0x1ffc)
[ 971.864126] (load_module) from [] (sys_init_module+0x134/0x17c)
[ 971.871852] (sys_init_module) from [] (ret_fast_syscall+0x0/0x50)
Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.6.0.1-00760-QCAHKSWPL_SILICONZ-1
Analysis
by VulDB Data Team • 02/26/2025
CVE-2022-49131 is a kernel oops in the Linux kernel's ath11k wireless driver, specifically in ath11k_ahb, the bus-glue module for the AHB (Advanced High-performance Bus) attachment used on Qualcomm IPQ SoCs. It manifests when the ath11k modules are unloaded and loaded repeatedly: after a few iterations the next load faults inside the network core while registering the driver's NAPI polling contexts. The root cause is a missing cleanup step. ath11k_ahb_config_irq() registers one NAPI context per external interrupt group with netif_napi_add(), which links that context into a table owned by the network core, but the matching teardown in ath11k_ahb_free_ext_irq() did not call netif_napi_del(), so the entry outlived the driver memory that contained it. The paging fault at virtual address 6d97a208 with an empty page-table entry (*pgd=00000000) is the network core reading through that dangling entry on the following load. The trace therefore shows a use-after-free of a stale list node, not a NULL pointer dereference and not a double free.
The trigger is not an exploit path but an administrative sequence: unload the ath11k modules, load them again, repeat. Each load runs ath11k_ahb_probe() and then ath11k_ahb_config_irq(), which calls netif_napi_add() for every external interrupt group; to assign the new context an id, the network core walks its hash of already registered NAPI contexts with napi_by_id(). Because the previous unload freed the interrupt-group memory in ath11k_ahb_free_ext_irq() without first calling netif_napi_del(), that hash still holds a pointer into the freed allocation, and the walk dereferences it. That is exactly the call chain in the trace: PC in napi_by_id(), called from netif_napi_add(), called from ath11k_ahb_config_irq() during insmod. No race is involved; the defect is a deterministic missing unregister on the teardown path. The weakness class that fits this evidence is use-after-free (CWE-416) rather than double free (CWE-415) or NULL pointer dereference (CWE-476): nothing is freed twice, and the faulting address 6d97a208 is not NULL. The demonstrated consequence is a kernel oops, that is, denial of service. No privilege escalation is shown, and loading or unloading kernel modules already requires CAP_SYS_MODULE.
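The lifetime mistake described above, reduced to a user-space C model. This is an added illustration, not kernel code and not part of the ath11k driver: the doubly linked list, the single global table standing in for the kernel's NAPI hash, the two-slot "slab", and a kfree() stand-in that poisons memory with 0x6b instead of releasing it (so reading a stale node is defined behaviour here, where the real kernel takes a paging fault) are all assumptions made to keep the failure reproducible. The buggy and fixed teardown routines mirror ath11k_ahb_free_ext_irq() before and after the fix.

```c
/*
 * Model of the NAPI lifetime bug behind CVE-2022-49131 (added example, not
 * kernel code). A NAPI context is embedded in driver-owned memory, but
 * netif_napi_add() also links it into a table owned by the network core that
 * outlives any one module load. Unloading without netif_napi_del() leaves a
 * dangling entry; the next netif_napi_add() walks into it from napi_by_id().
 * Assumptions: one global list models napi_hash[], fake_kfree() poisons
 * instead of freeing, and a two-slot static slab models the allocator.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POISON_BYTE 0x6b   /* value SLUB writes over freed objects */

struct list_head { struct list_head *next, *prev; };

static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add(struct list_head *n, struct list_head *h)
{
    n->next = h->next; n->prev = h; h->next->prev = n; h->next = n;
}
static void list_del(struct list_head *n)
{
    n->prev->next = n->next; n->next->prev = n->prev; n->next = n->prev = NULL;
}
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Stand-in for struct napi_struct: its id plus the link into the core table. */
struct napi { unsigned int id; struct list_head hash_node; };

/* Stand-in for the driver's per-interrupt-group allocation embedding the NAPI. */
struct ext_irq_grp { struct napi napi; int irq; };

/* Core state that survives module unload/load, like the kernel's napi_hash[]. */
static struct list_head napi_hash;
static unsigned int napi_gen_id;
static struct napi stale_marker;   /* sentinel: the walk reached freed memory */

/* kfree() stand-in: poison rather than release so the stale read stays defined. */
static void fake_kfree(void *p, size_t n) { memset(p, POISON_BYTE, n); }
static int napi_is_poisoned(const struct napi *n) { return n->id == 0x6b6b6b6bu; }

/* napi_by_id() model: the context with this id, NULL if none, or
 * &stale_marker at the point where the real kernel takes a paging fault. */
static struct napi *fake_napi_by_id(unsigned int id)
{
    for (struct list_head *p = napi_hash.next; p != &napi_hash; p = p->next) {
        struct napi *cur = container_of(p, struct napi, hash_node);
        if (napi_is_poisoned(cur))
            return &stale_marker;
        if (cur->id == id)
            return cur;
    }
    return NULL;
}

/* netif_napi_add() model: find an unused id through napi_by_id(), then link.
 * Returns 0, or -1 where the real kernel oopses. */
static int fake_netif_napi_add(struct napi *n)
{
    struct napi *hit;
    do {
        hit = fake_napi_by_id(++napi_gen_id);
        if (hit == &stale_marker)
            return -1;
    } while (hit != NULL);
    n->id = napi_gen_id;
    list_add(&n->hash_node, &napi_hash);
    return 0;
}

static void fake_netif_napi_del(struct napi *n) { list_del(&n->hash_node); }

/* Pre-fix ath11k_ahb_free_ext_irq(): the memory goes away, the table entry stays. */
static void free_ext_irq_buggy(struct ext_irq_grp *g)
{
    fake_kfree(g, sizeof(*g));
}

/* Fixed teardown: unregister from the core table before freeing the container. */
static void free_ext_irq_fixed(struct ext_irq_grp *g)
{
    fake_netif_napi_del(&g->napi);
    fake_kfree(g, sizeof(*g));
}

/* Fresh "boot", then `cycles` module load/unload rounds using free_fn.
 * The two slab slots alternate so a reload lands on different memory than
 * the group just freed. Returns the round in which netif_napi_add() hit a
 * stale entry, or 0 if every round completed. */
static int run_cycles(int cycles, void (*free_fn)(struct ext_irq_grp *))
{
    static struct ext_irq_grp slab[2];
    list_init(&napi_hash);
    napi_gen_id = 0;
    for (int i = 1; i <= cycles; i++) {
        struct ext_irq_grp *g = &slab[i % 2];
        memset(g, 0, sizeof(*g));            /* probe: fresh allocation */
        g->irq = 100 + i;
        if (fake_netif_napi_add(&g->napi) != 0)
            return i;
        free_fn(g);                          /* module unload */
    }
    return 0;
}

int main(void)
{
    printf("buggy cleanup: stale NAPI entry hit in round %d\n",
           run_cycles(5, free_ext_irq_buggy));
    printf("fixed cleanup: stale entry hit in round %d (0 = never)\n",
           run_cycles(5, free_ext_irq_fixed));
    return 0;
}
```

With the buggy teardown the first load succeeds and the second load's napi_by_id() walk lands on the poisoned entry, matching the "few iterations" in the report; with netif_napi_del() on the teardown path the table is empty at every reload and the loop runs to completion.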
The operational impact is loss of availability. A trigger takes down the whole system, not just the wireless interface, because the fault happens in kernel context during insmod, and recovery requires a reboot. The affected code is the AHB bus glue, so the exposed population is Qualcomm IPQ platforms that attach the WLAN block over AHB, such as the IPQ8074 hw2.0 board named in the Tested-on line; hosts that use ath11k over PCIe go through a different probe path and are not covered by this report. The trace comes from a 5.4.89 kernel, so vendor and distribution kernels that carry ath11k from that era remain in scope until they pick up the fix. In practice the exposure is operational rather than adversarial: driver reload loops are common in firmware-recovery scripts, watchdog handlers and development workflows, and any of them can push an access point into a panic loop and cause a service outage.
Mitigation is to run a kernel that includes the fix, which adds the netif_napi_del() call to ath11k_ahb_free_ext_irq() so every NAPI context registered in ath11k_ahb_config_irq() is unregistered before the interrupt-group memory is freed. Where patching is delayed, the practical workaround is to avoid unloading and reloading ath11k_ahb on affected devices: keep the modules built in or loaded once at boot, and have recovery scripts reset the radio through the driver rather than through rmmod and insmod. The ATT&CK reference T1547.006 (Boot or Logon Autostart Execution: Kernel Modules and Extensions) describes adversaries persisting through kernel modules and does not apply here; module loading already requires root, and this bug yields a crash, not code execution. For detection, collect kernel oops output through the usual channels (dmesg or the journal, pstore, netconsole) and alert on an oops whose backtrace contains napi_by_id and ath11k_ahb_config_irq, which identifies this defect precisely. The broader lesson is one of resource pairing in drivers: every registration into a structure owned by a longer-lived subsystem needs a matching unregistration on every teardown path, and a missed one turns a routine driver reload into a system crash.