fkie_cve-2022-49131
Vulnerability from fkie_nvd
Published
2025-02-26 07:00
Modified
2025-10-01 20:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: ath11k: fix kernel panic during unload/load ath11k modules Call netif_napi_del() from ath11k_ahb_free_ext_irq() to fix the following kernel panic when unload/load ath11k modules for few iterations. [ 971.201365] Unable to handle kernel paging request at virtual address 6d97a208 [ 971.204227] pgd = 594c2919 [ 971.211478] [6d97a208] *pgd=00000000 [ 971.214120] Internal error: Oops: 5 [#1] PREEMPT SMP ARM [ 971.412024] CPU: 2 PID: 4435 Comm: insmod Not tainted 5.4.89 #0 [ 971.434256] Hardware name: Generic DT based system [ 971.440165] PC is at napi_by_id+0x10/0x40 [ 971.445019] LR is at netif_napi_add+0x160/0x1dc [ 971.743127] (napi_by_id) from [<807d89a0>] (netif_napi_add+0x160/0x1dc) [ 971.751295] (netif_napi_add) from [<7f1209ac>] (ath11k_ahb_config_irq+0xf8/0x414 [ath11k_ahb]) [ 971.759164] (ath11k_ahb_config_irq [ath11k_ahb]) from [<7f12135c>] (ath11k_ahb_probe+0x40c/0x51c [ath11k_ahb]) [ 971.768567] (ath11k_ahb_probe [ath11k_ahb]) from [<80666864>] (platform_drv_probe+0x48/0x94) [ 971.779670] (platform_drv_probe) from [<80664718>] (really_probe+0x1c8/0x450) [ 971.789389] (really_probe) from [<80664cc4>] (driver_probe_device+0x15c/0x1b8) [ 971.797547] (driver_probe_device) from [<80664f60>] (device_driver_attach+0x44/0x60) [ 971.805795] (device_driver_attach) from [<806650a0>] (__driver_attach+0x124/0x140) [ 971.814822] (__driver_attach) from [<80662adc>] (bus_for_each_dev+0x58/0xa4) [ 971.823328] (bus_for_each_dev) from [<80663a2c>] (bus_add_driver+0xf0/0x1e8) [ 971.831662] (bus_add_driver) from [<806658a4>] (driver_register+0xa8/0xf0) [ 971.839822] (driver_register) from [<8030269c>] (do_one_initcall+0x78/0x1ac) [ 971.847638] (do_one_initcall) from [<80392524>] (do_init_module+0x54/0x200) [ 971.855968] (do_init_module) from [<803945b0>] (load_module+0x1e30/0x1ffc) [ 971.864126] (load_module) from [<803948b0>] (sys_init_module+0x134/0x17c) [ 971.871852] (sys_init_module) from [<80301000>] (ret_fast_syscall+0x0/0x50) Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.6.0.1-00760-QCAHKSWPL_SILICONZ-1
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/22b59cb965f79ee1accf83172441c9ca0ecb632aPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/38e488db194dc16d2eb23c77c6a8c04ff583c40dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/699e8c87e5c406af0f0606f40eeebd248c51b702Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c4b7653af62a9a5efe2856183d1f987c5429758bPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c6a815f5abdf324108799829dd19ea62fef4bf95Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "983DAD06-CBCB-46BF-A9E0-3D277B7474DB",
              "versionEndExcluding": "5.10.111",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D25878D3-7761-4E9F-8919-E92CD53896E0",
              "versionEndExcluding": "5.15.34",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABBBA66E-0244-4621-966B-9790AF1EEB00",
              "versionEndExcluding": "5.16.20",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE420AC7-1E59-4398-B84F-71F4B4337762",
              "versionEndExcluding": "5.17.3",
              "versionStartIncluding": "5.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: fix kernel panic during unload/load ath11k modules\n\nCall netif_napi_del() from ath11k_ahb_free_ext_irq() to fix\nthe following kernel panic when unload/load ath11k modules\nfor few iterations.\n\n[  971.201365] Unable to handle kernel paging request at virtual address 6d97a208\n[  971.204227] pgd = 594c2919\n[  971.211478] [6d97a208] *pgd=00000000\n[  971.214120] Internal error: Oops: 5 [#1] PREEMPT SMP ARM\n[  971.412024] CPU: 2 PID: 4435 Comm: insmod Not tainted 5.4.89 #0\n[  971.434256] Hardware name: Generic DT based system\n[  971.440165] PC is at napi_by_id+0x10/0x40\n[  971.445019] LR is at netif_napi_add+0x160/0x1dc\n\n[  971.743127] (napi_by_id) from [\u003c807d89a0\u003e] (netif_napi_add+0x160/0x1dc)\n[  971.751295] (netif_napi_add) from [\u003c7f1209ac\u003e] (ath11k_ahb_config_irq+0xf8/0x414 [ath11k_ahb])\n[  971.759164] (ath11k_ahb_config_irq [ath11k_ahb]) from [\u003c7f12135c\u003e] (ath11k_ahb_probe+0x40c/0x51c [ath11k_ahb])\n[  971.768567] (ath11k_ahb_probe [ath11k_ahb]) from [\u003c80666864\u003e] (platform_drv_probe+0x48/0x94)\n[  971.779670] (platform_drv_probe) from [\u003c80664718\u003e] (really_probe+0x1c8/0x450)\n[  971.789389] (really_probe) from [\u003c80664cc4\u003e] (driver_probe_device+0x15c/0x1b8)\n[  971.797547] (driver_probe_device) from [\u003c80664f60\u003e] (device_driver_attach+0x44/0x60)\n[  971.805795] (device_driver_attach) from [\u003c806650a0\u003e] (__driver_attach+0x124/0x140)\n[  971.814822] (__driver_attach) from [\u003c80662adc\u003e] (bus_for_each_dev+0x58/0xa4)\n[  971.823328] (bus_for_each_dev) from [\u003c80663a2c\u003e] (bus_add_driver+0xf0/0x1e8)\n[  971.831662] (bus_add_driver) from [\u003c806658a4\u003e] (driver_register+0xa8/0xf0)\n[  971.839822] (driver_register) from [\u003c8030269c\u003e] (do_one_initcall+0x78/0x1ac)\n[  971.847638] (do_one_initcall) from [\u003c80392524\u003e] (do_init_module+0x54/0x200)\n[  971.855968] (do_init_module) from [\u003c803945b0\u003e] (load_module+0x1e30/0x1ffc)\n[  971.864126] (load_module) from [\u003c803948b0\u003e] (sys_init_module+0x134/0x17c)\n[  971.871852] (sys_init_module) from [\u003c80301000\u003e] (ret_fast_syscall+0x0/0x50)\n\nTested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.6.0.1-00760-QCAHKSWPL_SILICONZ-1"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ath11k: corrige el p\u00e1nico del kernel durante la descarga/carga de m\u00f3dulos ath11k Llame a netif_napi_del() desde ath11k_ahb_free_ext_irq() para corregir el siguiente p\u00e1nico del kernel al descargar/cargar m\u00f3dulos ath11k durante algunas iteraciones. [ 971.201365] No se puede manejar la solicitud de paginaci\u00f3n del n\u00facleo en la direcci\u00f3n virtual 6d97a208 [ 971.204227] pgd = 594c2919 [ 971.211478] [6d97a208] *pgd=00000000 [ 971.214120] Error interno: Oops: 5 [#1] PREEMPT SMP ARM [ 971.412024] CPU: 2 PID: 4435 Comm: insmod No contaminado 5.4.89 #0 [ 971.434256] Nombre del hardware: Sistema gen\u00e9rico basado en DT [ 971.440165] La PC est\u00e1 en napi_by_id+0x10/0x40 [ 971.445019] LR est\u00e1 en netif_napi_add+0x160/0x1dc [ 971.743127] (napi_by_id) desde [\u0026lt;807d89a0\u0026gt;] (netif_napi_add+0x160/0x1dc) [ 971.751295] (netif_napi_add) desde [\u0026lt;7f1209ac\u0026gt;] (ath11k_ahb_config_irq+0xf8/0x414 [ath11k_ahb]) [ 971.759164] (ath11k_ahb_config_irq [ath11k_ahb]) desde [\u0026lt;7f12135c\u0026gt;] (ath11k_ahb_probe+0x40c/0x51c [ath11k_ahb]) [ 971.768567] (ath11k_ahb_probe [ath11k_ahb]) desde [\u0026lt;80666864\u0026gt;] (platform_drv_probe+0x48/0x94) [ 971.779670] (platform_drv_probe) desde [\u0026lt;80664718\u0026gt;] (really_probe+0x1c8/0x450) [ 971.789389] (really_probe) desde [\u0026lt;80664cc4\u0026gt;] (driver_probe_device+0x15c/0x1b8) [ 971.797547] (driver_probe_device) desde [\u0026lt;80664f60\u0026gt;] (device_driver_attach+0x44/0x60) [ 971.805795] (device_driver_attach) desde [\u0026lt;806650a0\u0026gt;] (__driver_attach+0x124/0x140) [ 971.814822] (__driver_attach) desde [\u0026lt;80662adc\u0026gt;] (bus_for_each_dev+0x58/0xa4) [ 971.823328] (bus_for_each_dev) desde [\u0026lt;80663a2c\u0026gt;] (bus_add_driver+0xf0/0x1e8) [ 971.831662] (bus_add_driver) desde [\u0026lt;806658a4\u0026gt;] (driver_register+0xa8/0xf0) [ 971.839822] (driver_register) desde [\u0026lt;8030269c\u0026gt;] (do_one_initcall+0x78/0x1ac) [ 971.847638] (do_one_initcall) desde [\u0026lt;80392524\u0026gt;] (do_init_module+0x54/0x200) [ 971.855968] (do_init_module) desde [\u0026lt;803945b0\u0026gt;] (load_module+0x1e30/0x1ffc) [ 971.864126] (load_module) desde [\u0026lt;803948b0\u0026gt;] (sys_init_module+0x134/0x17c) [ 971.871852] (sys_init_module) desde  [\u0026lt;80301000\u0026gt;] (ret_fast_syscall+0x0/0x50) Probado en: IPQ8074 hw2.0 AHB WLAN.HK.2.6.0.1-00760-QCAHKSWPL_SILICONZ-1"
    }
  ],
  "id": "CVE-2022-49131",
  "lastModified": "2025-10-01T20:15:49.890",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-26T07:00:50.393",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/22b59cb965f79ee1accf83172441c9ca0ecb632a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/38e488db194dc16d2eb23c77c6a8c04ff583c40d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/699e8c87e5c406af0f0606f40eeebd248c51b702"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/c4b7653af62a9a5efe2856183d1f987c5429758b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/c6a815f5abdf324108799829dd19ea62fef4bf95"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.