Linux Kernel up to 5.4.206/5.10.131/5.15.55/5.18.12 OCB Interface privilege escalation

Summaryinfo

A vulnerability was found in Linux Kernel up to 5.4.206/5.10.131/5.15.55/5.18.12. It has been classified as problematic. The affected element is an unknown function of the component OCB Interface. The manipulation leads to an unknown weakness. This vulnerability is documented as CVE-2022-49646. There is not any exploit available. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.4.206/5.10.131/5.15.55/5.18.12. This issue affects an unknown code block of the component OCB Interface. The impact remains unknown. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix queue selection for mesh/OCB interfaces When using iTXQ, the code assumes that there is only one vif queue for broadcast packets, using the BE queue. Allowing non-BE queue marking violates that assumption and txq->ac == skb_queue_mapping is no longer guaranteed. This can cause issues with queue handling in the driver and also causes issues with the recent ATF change, resulting in an AQL underflow warning.

The advisory is shared at git.kernel.org. The identification of this vulnerability is CVE-2022-49646 since 02/26/2025. Neither technical details nor an exploit are publicly available.

Upgrading to version 5.4.207, 5.10.132, 5.15.56 or 5.18.13 eliminates this vulnerability. Applying the patch 444be5a02b77f3b7a8ac9c1a0b074fbb3bd89cd0/e013ea2a51a94b903b396a8dff531a07d470335d/5a9df31017999197b6e60535940f2f2fe1bd3b0d/41ecab279a70dced9005f4d55fa0fcde8938603f/50e2ab39291947b6c6c7025cf01707c270fcde59 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2022-54586). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 5.4.206
• 5.10.131
• 5.15.0
• 5.15.1
• 5.15.2
• 5.15.3
• 5.15.4
• 5.15.5
• 5.15.6
• 5.15.7
• 5.15.8
• 5.15.9
• 5.15.10
• 5.15.11
• 5.15.12
• 5.15.13
• 5.15.14
• 5.15.15
• 5.15.16
• 5.15.17
• 5.15.18
• 5.15.19
• 5.15.20
• 5.15.21
• 5.15.22
• 5.15.23
• 5.15.24
• 5.15.25
• 5.15.26
• 5.15.27
• 5.15.28
• 5.15.29
• 5.15.30
• 5.15.31
• 5.15.32
• 5.15.33
• 5.15.34
• 5.15.35
• 5.15.36
• 5.15.37
• 5.15.38
• 5.15.39
• 5.15.40
• 5.15.41
• 5.15.42
• 5.15.43
• 5.15.44
• 5.15.45
• 5.15.46
• 5.15.47
• 5.15.48
• 5.15.49
• 5.15.50
• 5.15.51
• 5.15.52
• 5.15.53
• 5.15.54
• 5.15.55
• 5.18.0
• 5.18.1
• 5.18.2
• 5.18.3
• 5.18.4
• 5.18.5
• 5.18.6
• 5.18.7
• 5.18.8
• 5.18.9
• 5.18.10
• 5.18.11
• 5.18.12

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion