CVE-2022-49500 in Linux
Summary
by MITRE • 02/26/2025
In the Linux kernel, the following vulnerability has been resolved:
wl1251: dynamically allocate memory used for DMA
With introduction of vmap'ed stacks, stack parameters can no longer be used for DMA and now leads to kernel panic.
It happens at several places for the wl1251 (e.g. when accessed through SDIO) making it unusable on e.g. the OpenPandora.
We solve this by allocating temporary buffers or use wl1251_read32().
Tested on v5.18-rc5 with OpenPandora.
Analysis
by VulDB Data Team • 10/23/2025
The vulnerability CVE-2022-49500 affects the Linux kernel's wl1251 wireless driver implementation, specifically addressing memory allocation issues that arise with the introduction of vmap'ed stacks in modern kernel versions. This flaw fundamentally impacts the driver's ability to perform direct memory access operations, creating a critical operational failure that renders the wireless hardware unusable on affected platforms. The issue stems from the kernel's transition to virtual memory mapping for stack operations, which eliminates the previous capability to use stack parameters for DMA transactions due to memory address space constraints and alignment requirements.
The technical root cause involves the wl1251 driver's reliance on stack-based memory allocations for DMA operations, particularly when interfacing through SDIO bus connections. When vmap'ed stacks were introduced, the kernel's memory management architecture changed such that stack parameters could no longer be directly used for DMA transfers due to memory protection mechanisms and virtual address translation requirements. This architectural incompatibility causes kernel panics during critical driver operations, making the wireless interface completely non-functional on devices like the OpenPandora that depend on this specific hardware configuration. The vulnerability manifests at multiple code locations within the driver's DMA handling routines, creating a systemic failure rather than isolated incidents.
The operational impact of this vulnerability extends beyond simple driver malfunction to encompass complete wireless connectivity loss on affected devices, severely impacting user experience and system functionality. Devices utilizing the wl1251 chipset through SDIO interfaces become completely non-operational for wireless networking, which represents a critical failure in embedded systems where wireless connectivity is essential for proper device operation. The vulnerability affects not just individual devices but entire hardware categories that rely on this specific driver implementation, particularly impacting handheld devices and embedded systems where wireless capabilities are integral to the user experience.
The resolution for CVE-2022-49500 involves implementing dynamic memory allocation strategies that replace the problematic stack-based approaches with proper buffer allocation mechanisms suitable for DMA operations. The fix specifically addresses the issue by either allocating temporary buffers that meet DMA requirements or by utilizing the wl1251_read32() function that properly handles memory alignment and access patterns for DMA transactions. This approach aligns with common security practices for kernel memory management and follows established guidelines for preventing DMA-related vulnerabilities. The solution ensures that all memory allocations for DMA operations maintain proper alignment, address space compatibility, and kernel memory management compliance, effectively resolving the kernel panic conditions that previously occurred during wireless driver operations. This fix demonstrates proper adherence to kernel security standards and represents a robust solution to prevent similar memory management issues in future implementations.
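An added illustration of the fix pattern described above, not code from the wl1251 driver or the kernel patch: a userspace C model in which a mock bus rejects a stack buffer, with the stack-based read shown beside the temporary-buffer version. All function names, the single-slot buffer registry and the register value are constructed for this example.

```c
/* Userspace model, constructed values; every name here is hypothetical. The mock bus accepts
 * only the buffer from dma_safe_alloc(), standing in for "no DMA from a vmap'ed stack". */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static void *dma_buf;                          /* the one live DMA-capable buffer */
static const uint32_t fake_reg = 0x07030101u;  /* constructed register content */
static void *dma_safe_alloc(size_t len) { return dma_buf = malloc(len); }
static void dma_safe_free(void *p) { if (p == dma_buf) dma_buf = NULL; free(p); }

/* Mock bus transfer: refuses any buffer that is not DMA-capable. */
static int bus_read(void *buf, size_t len)
{
    if (!buf || buf != dma_buf)
        return -EFAULT;                        /* the real kernel panics here */
    memcpy(buf, &fake_reg, len < sizeof(fake_reg) ? len : sizeof(fake_reg));
    return 0;
}

/* Before: the address of a stack variable is handed to the bus. */
static int read32_stack(uint32_t *out)
{
    uint32_t val = 0;
    int ret = bus_read(&val, sizeof(val));
    if (!ret)
        *out = val;
    return ret;
}

/* After: temporary heap buffer, result copied out, buffer released. */
static int read32_bounce(uint32_t *out)
{
    uint32_t *tmp = dma_safe_alloc(sizeof(*tmp));
    int ret = tmp ? bus_read(tmp, sizeof(*tmp)) : -ENOMEM;
    if (!ret)
        *out = *tmp;
    dma_safe_free(tmp);
    return ret;
}

int main(void)
{
    uint32_t v = 0;
    int before = read32_stack(&v), after = read32_bounce(&v);
    printf("stack buffer: %d, heap buffer: %d, value 0x%08x\n", before, after, (unsigned)v);
    return 0;
}
```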
This vulnerability maps to CWE-125 (out-of-bounds read) and CWE-787 (out-of-bounds write) within the context of kernel memory management, while also reflecting ATT&CK techniques related to privilege escalation through kernel exploits. The resolution approach follows security best practices for kernel module development and memory allocation management, ensuring proper kernel memory safety and preventing comparable issues in other drivers that face the same kind of architectural transition in memory management.