Improper locking in Linux kernel ath ath10k driver

Published: 2025-02-26

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2022-49519
CWE-ID	CWE-667
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper locking

EUVDB-ID: #VU104672

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-49519

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ath10k_stop() function in drivers/net/wireless/ath/ath10k/mac.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links

https://git.kernel.org/stable/c/5321e5211b5dc873e2e3d0deb749e69ecf4dbfe5
https://git.kernel.org/stable/c/7eb14cb604f49e58b7cf6faa87961a865a3c8649
https://git.kernel.org/stable/c/8aa3750986ffcf73e0692db3b40dd3a8e8c0c575
https://git.kernel.org/stable/c/b72a4aff947ba807177bdabb43debaf2c66bee05
https://git.kernel.org/stable/c/c2272428090d0d215a3f017cbbbad731c07eee53

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.