
CVE-2022-48705: Vulnerability in Linux Linux

Medium
Published: Fri May 03 2024 (05/03/2024, 17:45:54 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7921e: fix crash in chip reset fail

In case of drv own fail in reset, we may need to run mac_reset several times. The sequence would trigger a system crash as in the log below. Because we do not re-enable/schedule "tx_napi" before disabling it again, the process would keep waiting for a state change in napi_disable(). To avoid the problem and keep status synchronized for each run, goto final resource handling if drv own failed.

[ 5857.353423] mt7921e 0000:3b:00.0: driver own failed
[ 5858.433427] mt7921e 0000:3b:00.0: Timeout for driver own
[ 5859.633430] mt7921e 0000:3b:00.0: driver own failed
[ 5859.633444] ------------[ cut here ]------------
[ 5859.633446] WARNING: CPU: 6 at kernel/kthread.c:659 kthread_park+0x11d
[ 5859.633717] Workqueue: mt76 mt7921_mac_reset_work [mt7921_common]
[ 5859.633728] RIP: 0010:kthread_park+0x11d/0x150
[ 5859.633736] RSP: 0018:ffff8881b676fc68 EFLAGS: 00010202
......
[ 5859.633766] Call Trace:
[ 5859.633768] <TASK>
[ 5859.633771] mt7921e_mac_reset+0x176/0x6f0 [mt7921e]
[ 5859.633778] mt7921_mac_reset_work+0x184/0x3a0 [mt7921_common]
[ 5859.633785] ? mt7921_mac_set_timing+0x520/0x520 [mt7921_common]
[ 5859.633794] ? __kasan_check_read+0x11/0x20
[ 5859.633802] process_one_work+0x7ee/0x1320
[ 5859.633810] worker_thread+0x53c/0x1240
[ 5859.633818] kthread+0x2b8/0x370
[ 5859.633824] ? process_one_work+0x1320/0x1320
[ 5859.633828] ? kthread_complete_and_exit+0x30/0x30
[ 5859.633834] ret_from_fork+0x1f/0x30
[ 5859.633842] </TASK>

AI-Powered Analysis

AI analysis last updated: 06/27/2025, 23:55:46 UTC

Technical Analysis

CVE-2022-48705 is a vulnerability in the Linux kernel's mt76 wireless driver, which supports MediaTek Wi-Fi chipsets, and specifically in its mt7921e (PCIe) variant. The issue arises during the chip reset path when the driver tries to regain ownership of the device ("drv own"). If driver ownership fails, the reset work may be run again. Before the fix, the reset routine disabled the transmit NAPI context ("tx_napi") and, on a drv own failure, bailed out without re-enabling or rescheduling it. The next reset run then called napi_disable() on an already disabled context, and napi_disable() waits indefinitely for a state change that never comes. The result is a hung reset worker and the kernel warning and stack trace shown in the log, where the trace passes through kthread_park() (which parks kernel threads) on the way from mt7921_mac_reset_work() into mt7921e_mac_reset(). The root cause is therefore a state-synchronization defect in mt7921e_mac_reset() and its associated workqueue: the driver does not keep the NAPI enable/disable transitions balanced across a failed reset. The effect is a denial of service (DoS), either a system crash or a wireless interface that stays unusable until reboot. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The affected Linux kernel versions are identified by commit hashes, indicating the defect is present in certain kernel builds prior to the fix. The fix makes the code jump to the final resource handling when driver ownership fails, so that tx_napi is re-enabled and each reset run starts from a consistent state.
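The following is an added illustration, not the mt76 driver's code: a small C model of the NAPI enable/disable pairing described above. The bit names, the reduced NAPI state machine and the `mac_reset()` flow are simplifications chosen for this example; they show why a second reset run hangs when the first run bailed out on a drv own failure without re-enabling tx_napi, and why jumping to the final resource handling instead avoids it.

```c
#include <stdbool.h>
#include <stdio.h>

/* Reduced model of the kernel's NAPI state bits (assumption: only the two
 * bits relevant here). Real napi_disable() claims SCHED and sets DISABLE;
 * real napi_enable() clears both. */
enum { NAPI_SCHED = 1u << 0, NAPI_DISABLE = 1u << 1 };

struct napi { unsigned state; };

static void napi_enable(struct napi *n) {
    n->state &= ~(NAPI_SCHED | NAPI_DISABLE);
}

/* In the kernel, napi_disable() spins until it can claim SCHED. If SCHED is
 * still held by an earlier napi_disable() that was never paired with
 * napi_enable(), nothing releases it and the caller waits forever: that is
 * the hang in the report. This model returns false instead of spinning. */
static bool napi_disable(struct napi *n) {
    n->state |= NAPI_DISABLE;
    if (n->state & NAPI_SCHED)
        return false;               /* would block indefinitely */
    n->state |= NAPI_SCHED;
    return true;
}

/* One simplified mac_reset run. drv_own_ok models whether "driver own"
 * succeeds; fixed selects the patched flow (jump to final resource handling
 * on failure) instead of the buggy early return that skips napi_enable(). */
static bool mac_reset(struct napi *tx_napi, bool drv_own_ok, bool fixed) {
    if (!napi_disable(tx_napi))
        return false;               /* deadlock in the real kernel */
    if (!drv_own_ok) {
        if (!fixed)
            return true;            /* buggy: tx_napi stays disabled */
        goto out;                   /* fixed: fall through to cleanup */
    }
    /* ... remaining reset steps (firmware reload, queue init) omitted ... */
out:
    napi_enable(tx_napi);
    return true;
}

/* Run reset twice with drv own failing both times, as in the log.
 * Returns true if both runs complete, false if the second would hang. */
bool reset_twice(bool fixed) {
    struct napi tx_napi = { 0 };
    return mac_reset(&tx_napi, false, fixed) && mac_reset(&tx_napi, false, fixed);
}

int main(void) {
    printf("buggy flow completes: %s\n", reset_twice(false) ? "yes" : "no");
    printf("fixed flow completes: %s\n", reset_twice(true) ? "yes" : "no");
    return 0;
}
```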

Potential Impact

For European organizations, this vulnerability poses a risk primarily in environments that rely on Linux systems using MediaTek mt76 wireless chipsets, particularly the mt7921e device. Such systems could be found in enterprise laptops, embedded devices, or network equipment running Linux kernels with the affected driver versions. The impact is mainly a denial of service condition caused by system crashes or kernel panics triggered by the wireless driver reset failure. This could disrupt critical network connectivity, especially in wireless-dependent operations, leading to downtime and productivity loss. In sectors such as telecommunications, manufacturing, or public services where Linux-based wireless infrastructure is common, this could affect operational continuity. Although exploitation requires triggering the driver reset failure, which may be caused by hardware issues or crafted conditions, an attacker with local access or the ability to induce driver resets could cause repeated crashes. The vulnerability does not appear to allow privilege escalation or remote code execution, limiting its impact to availability concerns. However, availability disruptions in critical infrastructure or industrial control systems could have cascading effects. Given the lack of known exploits, the immediate threat level is moderate, but unpatched systems remain vulnerable to accidental or intentional DoS conditions.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions where this vulnerability is patched. Since the issue is in the mt76 wireless driver, kernel updates from trusted Linux distributions that include the fix should be applied promptly. For environments where immediate patching is not feasible, organizations can consider disabling the affected wireless interfaces or using alternative network adapters not reliant on the mt76 driver to mitigate risk. Monitoring system logs for repeated 'driver own failed' messages or kernel warnings related to mt7921e can help detect attempts to trigger the vulnerability. Additionally, restricting local access to sensitive systems and limiting the ability to trigger wireless device resets can reduce exploitation risk. For embedded or specialized devices, coordination with hardware vendors to obtain firmware or driver updates is recommended. Network segmentation and redundancy planning can also minimize the impact of potential DoS conditions caused by this vulnerability. Finally, organizations should maintain robust incident response procedures to quickly recover from any crashes or outages linked to this issue.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-03T14:55:07.146Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9820c4522896dcbdd4dd

Added to database: 5/21/2025, 9:08:48 AM

Last enriched: 6/27/2025, 11:55:46 PM

Last updated: 8/12/2025, 6:32:16 AM

