CVE-2022-48972: Vulnerability in Linux Linux

Medium
Published: Mon Oct 21 2024 (10/21/2024, 20:05:53 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()

Kernel fault injection test reports null-ptr-deref as follows:

  BUG: kernel NULL pointer dereference, address: 0000000000000008
  RIP: 0010:cfg802154_netdev_notifier_call+0x120/0x310 include/linux/list.h:114
  Call Trace:
  <TASK>
  raw_notifier_call_chain+0x6d/0xa0 kernel/notifier.c:87
  call_netdevice_notifiers_info+0x6e/0xc0 net/core/dev.c:1944
  unregister_netdevice_many_notify+0x60d/0xcb0 net/core/dev.c:1982
  unregister_netdevice_queue+0x154/0x1a0 net/core/dev.c:10879
  register_netdevice+0x9a8/0xb90 net/core/dev.c:10083
  ieee802154_if_add+0x6ed/0x7e0 net/mac802154/iface.c:659
  ieee802154_register_hw+0x29c/0x330 net/mac802154/main.c:229
  mcr20a_probe+0xaaa/0xcb1 drivers/net/ieee802154/mcr20a.c:1316

ieee802154_if_add() allocates wpan_dev as netdev's private data, but does not init the list in struct wpan_dev. cfg802154_netdev_notifier_call() manages the list when a device registers/unregisters, and this may lead to a null-ptr-deref.

Use INIT_LIST_HEAD() on it to initialize it correctly.

AI-Powered Analysis

Last updated: 07/01/2025, 00:41:22 UTC

Technical Analysis

CVE-2022-48972 is a vulnerability in the Linux kernel's mac802154 subsystem, which handles IEEE 802.15.4 wireless networking interfaces. The root cause is a missing list-head initialization in ieee802154_if_add(). The function allocates a wpan_dev structure as the private data of a network device (netdev) but does not call INIT_LIST_HEAD() on the list member inside that structure. When cfg802154_netdev_notifier_call() later manages this list during device registration or unregistration, it may dereference a NULL pointer (null-ptr-deref), which raises a kernel BUG and can cause a kernel panic or system crash. The vulnerability was identified through kernel fault injection testing and is triggered in the network device notifier callbacks, which are part of the kernel's network device management. The patch adds the missing INIT_LIST_HEAD() call so that the list head in the wpan_dev structure is properly initialized, which prevents the NULL pointer dereference. The affected Linux kernel versions include multiple commits identified by the hash fcf39e6e88e9492f6688ec8ba4e1be622b904232. There are no known exploits in the wild at this time, and no CVSS score has been assigned. The vulnerability affects the stability and availability of systems running affected Linux kernels with mac802154 support enabled, particularly those using IEEE 802.15.4 wireless interfaces such as low-rate wireless personal area networks (LR-WPANs).
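The following userspace C model is an added example, not kernel source or the upstream patch; it shows why a list head that is never passed through INIT_LIST_HEAD() breaks the unregister path. The names wpan_dev_model, checked_list_del and unregister_path are hypothetical, and the model assumes zero-filled private data and a list-empty guard before the unlink. With a zeroed head, the first store of an unchecked unlink lands at offsetof(prev), which is 8 on a 64-bit build and is consistent with the faulting address in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model of the kernel's struct list_head. */
struct list_head { struct list_head *next, *prev; };
/* Hypothetical stand-in for struct wpan_dev; only the list member matters. */
struct wpan_dev_model { int iftype; struct list_head list; };
static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }
/* Same test as list_empty(): a zero-filled head does NOT count as empty. */
static int list_is_empty(const struct list_head *h) { return h->next == h; }
/* Checked unlink: returns -1 where an unchecked one would dereference NULL. */
static int checked_list_del(struct list_head *e)
{
    if (!e->next || !e->prev)
        return -1;
    e->next->prev = e->prev;
    e->prev->next = e->next;
    init_list_head(e);
    return 0;
}

/* Model of the unregister notifier. Assumptions: private data is zero-filled
 * and the unlink is guarded only by a list-empty test. *store_addr receives
 * the address an unchecked unlink writes first (next->prev = prev). */
static int unregister_path(int with_fix, uintptr_t *store_addr)
{
    struct wpan_dev_model *w = calloc(1, sizeof(*w));
    int rc = 0;
    if (!w)
        return -2;
    if (with_fix)
        init_list_head(&w->list);    /* what the patch adds */
    *store_addr = (uintptr_t)w->list.next + offsetof(struct list_head, prev);
    if (!list_is_empty(&w->list))    /* a zeroed head passes this guard */
        rc = checked_list_del(&w->list);
    free(w);
    return rc;
}

int main(void)
{
    uintptr_t a = 0;
    int rc = unregister_path(0, &a);
    printf("unpatched: rc=%d, first store at %#lx\n", rc, (unsigned long)a);
    printf("patched:   rc=%d\n", unregister_path(1, &a));
    return 0;
}
```

An initialized head points at itself, so the list-empty guard skips the unlink entirely; the zeroed head looks non-empty and falls through to the unlink.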

Potential Impact

For European organizations, the primary impact of CVE-2022-48972 is on system availability and reliability. Systems running affected Linux kernels with mac802154 support could experience kernel panics or crashes when network devices are registered or unregistered, potentially causing service disruptions. This is particularly relevant for organizations deploying IoT devices, industrial control systems, or wireless sensor networks that rely on IEEE 802.15.4 protocols, which are used in smart metering, building automation, and other critical infrastructure applications common in Europe. While the vulnerability does not directly expose confidentiality or integrity risks, denial of service through kernel crashes can disrupt operations and lead to downtime. Since exploitation requires interaction with network device registration processes, it may be triggered by local or remote administrative actions or device events. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or malicious triggering of the fault. European organizations with embedded Linux devices or network infrastructure using mac802154 should be aware of this risk to maintain operational continuity.

Mitigation Recommendations

1. Apply the official Linux kernel patches that add the missing INIT_LIST_HEAD() initialization in ieee802154_if_add() as soon as they are available from trusted sources or Linux distributions.
2. For organizations using custom or embedded Linux kernels, ensure kernel source code is updated and rebuilt with the fix included.
3. Disable or remove mac802154 support if IEEE 802.15.4 wireless networking is not required, reducing the attack surface.
4. Monitor system logs for kernel BUG messages or null pointer dereferences related to cfg802154_netdev_notifier_call or ieee802154_if_add to detect potential triggering events.
5. Implement strict access controls on device management interfaces to prevent unauthorized registration or unregistration of network devices that could trigger the vulnerability.
6. Conduct thorough testing of kernel updates in staging environments before deployment to production to avoid unintended disruptions.
7. Maintain up-to-date inventory of devices using mac802154 to prioritize patching and risk assessment.
8. Collaborate with device vendors to ensure embedded systems receive timely kernel updates addressing this vulnerability.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-08-22T01:27:53.629Z
Cisa Enriched: true
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982fc4522896dcbe67b2

Added to database: 5/21/2025, 9:09:03 AM

Last enriched: 7/1/2025, 12:41:22 AM

Last updated: 8/7/2025, 10:10:05 PM
