CVE-2022-49131: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: ath11k: fix kernel panic during unload/load ath11k modules Call netif_napi_del() from ath11k_ahb_free_ext_irq() to fix the following kernel panic when unload/load ath11k modules for few iterations. [ 971.201365] Unable to handle kernel paging request at virtual address 6d97a208 [ 971.204227] pgd = 594c2919 [ 971.211478] [6d97a208] *pgd=00000000 [ 971.214120] Internal error: Oops: 5 [#1] PREEMPT SMP ARM [ 971.412024] CPU: 2 PID: 4435 Comm: insmod Not tainted 5.4.89 #0 [ 971.434256] Hardware name: Generic DT based system [ 971.440165] PC is at napi_by_id+0x10/0x40 [ 971.445019] LR is at netif_napi_add+0x160/0x1dc [ 971.743127] (napi_by_id) from [<807d89a0>] (netif_napi_add+0x160/0x1dc) [ 971.751295] (netif_napi_add) from [<7f1209ac>] (ath11k_ahb_config_irq+0xf8/0x414 [ath11k_ahb]) [ 971.759164] (ath11k_ahb_config_irq [ath11k_ahb]) from [<7f12135c>] (ath11k_ahb_probe+0x40c/0x51c [ath11k_ahb]) [ 971.768567] (ath11k_ahb_probe [ath11k_ahb]) from [<80666864>] (platform_drv_probe+0x48/0x94) [ 971.779670] (platform_drv_probe) from [<80664718>] (really_probe+0x1c8/0x450) [ 971.789389] (really_probe) from [<80664cc4>] (driver_probe_device+0x15c/0x1b8) [ 971.797547] (driver_probe_device) from [<80664f60>] (device_driver_attach+0x44/0x60) [ 971.805795] (device_driver_attach) from [<806650a0>] (__driver_attach+0x124/0x140) [ 971.814822] (__driver_attach) from [<80662adc>] (bus_for_each_dev+0x58/0xa4) [ 971.823328] (bus_for_each_dev) from [<80663a2c>] (bus_add_driver+0xf0/0x1e8) [ 971.831662] (bus_add_driver) from [<806658a4>] (driver_register+0xa8/0xf0) [ 971.839822] (driver_register) from [<8030269c>] (do_one_initcall+0x78/0x1ac) [ 971.847638] (do_one_initcall) from [<80392524>] (do_init_module+0x54/0x200) [ 971.855968] (do_init_module) from [<803945b0>] (load_module+0x1e30/0x1ffc) [ 971.864126] (load_module) from [<803948b0>] (sys_init_module+0x134/0x17c) [ 971.871852] (sys_init_module) from [<80301000>] (ret_fast_syscall+0x0/0x50) Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.6.0.1-00760-QCAHKSWPL_SILICONZ-1
AI Analysis
Technical Summary
CVE-2022-49131 is a vulnerability identified in the Linux kernel specifically affecting the ath11k wireless driver module, which is responsible for managing certain Qualcomm Atheros Wi-Fi chipsets. The issue manifests as a kernel panic triggered during the repeated unload and load cycles of the ath11k kernel modules. The root cause is related to improper handling of network interface polling (NAPI) structures during module unload, where the function netif_napi_del() was not called appropriately from ath11k_ahb_free_ext_irq(). This omission leads to a use-after-free or invalid memory access scenario, causing the kernel to attempt to access a null or invalid page directory entry, resulting in an 'Oops' error and system crash. The vulnerability was observed on ARM architecture systems, with the stack trace indicating failure in napi_by_id and netif_napi_add functions during module initialization and IRQ configuration. The affected hardware includes devices using the IPQ8074 chipset or similar Qualcomm Atheros platforms running Linux kernel version 5.4.89 or comparable. The vulnerability does not appear to have known exploits in the wild and has no assigned CVSS score yet. The fix involves ensuring netif_napi_del() is called properly to clean up NAPI structures during module unload, preventing kernel panics and improving system stability.
Potential Impact
For European organizations, this vulnerability primarily impacts systems running Linux kernels with the ath11k driver enabled, particularly those using Qualcomm Atheros IPQ8074 or related Wi-Fi chipsets. The impact is a denial of service (DoS) condition caused by kernel panics during module reloads, which could disrupt network connectivity and system availability. This is especially critical for embedded systems, network appliances, routers, or IoT devices deployed in enterprise or industrial environments that rely on these wireless modules. While the vulnerability does not directly lead to privilege escalation or data leakage, the resulting instability can cause operational disruptions, potentially affecting business continuity. Organizations with automated update or module reload processes may experience repeated crashes, complicating remediation. Since exploitation requires module unload/load cycles, it is less likely to be triggered remotely without local access or administrative privileges, limiting the attack surface but still posing a risk in multi-tenant or shared environments.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should: 1) Apply the latest Linux kernel patches that include the fix for CVE-2022-49131 as soon as they become available from trusted Linux distributions or kernel maintainers. 2) Audit and restrict access to systems allowing module unload/load operations to trusted administrators only, minimizing the risk of accidental or malicious triggering. 3) For embedded or network devices using Qualcomm Atheros IPQ8074 chipsets, coordinate with hardware vendors to obtain firmware or driver updates incorporating the fix. 4) Implement monitoring for kernel panics or system crashes related to ath11k modules to detect potential exploitation attempts or instability. 5) Where possible, avoid unnecessary unloading and reloading of the ath11k modules, especially in production environments. 6) Consider network segmentation and access controls to limit exposure of vulnerable devices to untrusted users or networks. 7) Maintain up-to-date inventories of Linux kernel versions and wireless drivers in use to prioritize patching efforts effectively.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Finland
CVE-2022-49131: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: ath11k: fix kernel panic during unload/load ath11k modules Call netif_napi_del() from ath11k_ahb_free_ext_irq() to fix the following kernel panic when unload/load ath11k modules for few iterations. [ 971.201365] Unable to handle kernel paging request at virtual address 6d97a208 [ 971.204227] pgd = 594c2919 [ 971.211478] [6d97a208] *pgd=00000000 [ 971.214120] Internal error: Oops: 5 [#1] PREEMPT SMP ARM [ 971.412024] CPU: 2 PID: 4435 Comm: insmod Not tainted 5.4.89 #0 [ 971.434256] Hardware name: Generic DT based system [ 971.440165] PC is at napi_by_id+0x10/0x40 [ 971.445019] LR is at netif_napi_add+0x160/0x1dc [ 971.743127] (napi_by_id) from [<807d89a0>] (netif_napi_add+0x160/0x1dc) [ 971.751295] (netif_napi_add) from [<7f1209ac>] (ath11k_ahb_config_irq+0xf8/0x414 [ath11k_ahb]) [ 971.759164] (ath11k_ahb_config_irq [ath11k_ahb]) from [<7f12135c>] (ath11k_ahb_probe+0x40c/0x51c [ath11k_ahb]) [ 971.768567] (ath11k_ahb_probe [ath11k_ahb]) from [<80666864>] (platform_drv_probe+0x48/0x94) [ 971.779670] (platform_drv_probe) from [<80664718>] (really_probe+0x1c8/0x450) [ 971.789389] (really_probe) from [<80664cc4>] (driver_probe_device+0x15c/0x1b8) [ 971.797547] (driver_probe_device) from [<80664f60>] (device_driver_attach+0x44/0x60) [ 971.805795] (device_driver_attach) from [<806650a0>] (__driver_attach+0x124/0x140) [ 971.814822] (__driver_attach) from [<80662adc>] (bus_for_each_dev+0x58/0xa4) [ 971.823328] (bus_for_each_dev) from [<80663a2c>] (bus_add_driver+0xf0/0x1e8) [ 971.831662] (bus_add_driver) from [<806658a4>] (driver_register+0xa8/0xf0) [ 971.839822] (driver_register) from [<8030269c>] (do_one_initcall+0x78/0x1ac) [ 971.847638] (do_one_initcall) from [<80392524>] (do_init_module+0x54/0x200) [ 971.855968] (do_init_module) from [<803945b0>] (load_module+0x1e30/0x1ffc) [ 971.864126] (load_module) from [<803948b0>] (sys_init_module+0x134/0x17c) [ 971.871852] (sys_init_module) from [<80301000>] (ret_fast_syscall+0x0/0x50) Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.6.0.1-00760-QCAHKSWPL_SILICONZ-1
AI-Powered Analysis
Technical Analysis
CVE-2022-49131 is a vulnerability identified in the Linux kernel specifically affecting the ath11k wireless driver module, which is responsible for managing certain Qualcomm Atheros Wi-Fi chipsets. The issue manifests as a kernel panic triggered during the repeated unload and load cycles of the ath11k kernel modules. The root cause is related to improper handling of network interface polling (NAPI) structures during module unload, where the function netif_napi_del() was not called appropriately from ath11k_ahb_free_ext_irq(). This omission leads to a use-after-free or invalid memory access scenario, causing the kernel to attempt to access a null or invalid page directory entry, resulting in an 'Oops' error and system crash. The vulnerability was observed on ARM architecture systems, with the stack trace indicating failure in napi_by_id and netif_napi_add functions during module initialization and IRQ configuration. The affected hardware includes devices using the IPQ8074 chipset or similar Qualcomm Atheros platforms running Linux kernel version 5.4.89 or comparable. The vulnerability does not appear to have known exploits in the wild and has no assigned CVSS score yet. The fix involves ensuring netif_napi_del() is called properly to clean up NAPI structures during module unload, preventing kernel panics and improving system stability.
Potential Impact
For European organizations, this vulnerability primarily impacts systems running Linux kernels with the ath11k driver enabled, particularly those using Qualcomm Atheros IPQ8074 or related Wi-Fi chipsets. The impact is a denial of service (DoS) condition caused by kernel panics during module reloads, which could disrupt network connectivity and system availability. This is especially critical for embedded systems, network appliances, routers, or IoT devices deployed in enterprise or industrial environments that rely on these wireless modules. While the vulnerability does not directly lead to privilege escalation or data leakage, the resulting instability can cause operational disruptions, potentially affecting business continuity. Organizations with automated update or module reload processes may experience repeated crashes, complicating remediation. Since exploitation requires module unload/load cycles, it is less likely to be triggered remotely without local access or administrative privileges, limiting the attack surface but still posing a risk in multi-tenant or shared environments.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should: 1) Apply the latest Linux kernel patches that include the fix for CVE-2022-49131 as soon as they become available from trusted Linux distributions or kernel maintainers. 2) Audit and restrict access to systems allowing module unload/load operations to trusted administrators only, minimizing the risk of accidental or malicious triggering. 3) For embedded or network devices using Qualcomm Atheros IPQ8074 chipsets, coordinate with hardware vendors to obtain firmware or driver updates incorporating the fix. 4) Implement monitoring for kernel panics or system crashes related to ath11k modules to detect potential exploitation attempts or instability. 5) Where possible, avoid unnecessary unloading and reloading of the ath11k modules, especially in production environments. 6) Consider network segmentation and access controls to limit exposure of vulnerable devices to untrusted users or networks. 7) Maintain up-to-date inventories of Linux kernel versions and wireless drivers in use to prioritize patching efforts effectively.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-02-26T01:49:39.267Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982cc4522896dcbe4fc6
Added to database: 5/21/2025, 9:09:00 AM
Last enriched: 6/30/2025, 3:11:58 AM
Last updated: 8/11/2025, 6:20:43 PM
Views: 14
Related Threats
CVE-2025-8834: Cross Site Scripting in JCG Link-net LW-N915R
MediumCVE-2025-55159: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer in tokio-rs slab
MediumCVE-2025-55161: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighCVE-2025-25235: CWE-918 Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway
HighCVE-2025-55151: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.