CVE-2022-49484 is a vulnerability identified in the Linux kernel, specifically within the mt76 wireless driver module for the mt7915 chipset. The flaw involves a possible NULL pointer dereference in the function mt7915_mac_fill_rx_vector. This function is responsible for processing received wireless frames and filling in metadata vectors that describe the frame's properties. The vulnerability occurs when the hardware does not support dual-band dual-concurrent (DBDC) operation, yet the hardware erroneously reports the band index (band_idx) as 1. Under these conditions, the function attempts to dereference a NULL pointer, leading to a kernel crash or denial of service (DoS). This is a memory safety issue that can cause the affected system to become unstable or crash unexpectedly. The vulnerability has been fixed in the Linux kernel by adding proper checks to prevent the NULL pointer dereference when the chip does not support DBDC but reports band_idx as 1. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The affected versions correspond to specific Linux kernel commits prior to the patch. This vulnerability is relevant to systems running Linux kernels that include the mt76 driver supporting the mt7915 wireless chipset, commonly found in embedded devices, routers, and some IoT devices. The issue primarily impacts the availability of the system by causing kernel panics or crashes due to improper handling of wireless frame metadata in certain hardware configurations.

For European organizations, the impact of CVE-2022-49484 can be significant in environments relying on Linux-based systems with mt7915 wireless chipsets, especially in networking equipment such as routers, access points, or embedded devices. A successful exploitation leads to denial of service through kernel crashes, potentially disrupting network connectivity and critical services. This can affect enterprises, service providers, and industrial control systems that depend on stable wireless communications. While the vulnerability does not directly expose confidentiality or integrity risks, the resulting downtime can lead to operational disruptions, loss of productivity, and increased support costs. In sectors such as telecommunications, manufacturing, and critical infrastructure, where Linux-based embedded devices are prevalent, this vulnerability could be leveraged to cause targeted outages. The lack of known exploits reduces immediate risk, but the ease of triggering a NULL pointer dereference (which may not require authentication if the device processes wireless frames from unauthenticated sources) suggests a medium-term risk of DoS attacks. European organizations with large deployments of affected hardware should prioritize patching to maintain service availability and network reliability.

1. Apply the latest Linux kernel updates that include the patch fixing CVE-2022-49484. Ensure that all systems running the mt76 driver with mt7915 chipset support are updated promptly. 2. For embedded devices or routers where kernel updates are not immediately available, consider firmware upgrades from the device vendor that incorporate the patched kernel. 3. Implement network segmentation and wireless client isolation to limit exposure of vulnerable devices to untrusted networks or external attackers. 4. Monitor system logs for kernel panics or crashes related to wireless driver activity to detect potential exploitation attempts. 5. If patching is delayed, consider disabling or restricting the use of the affected wireless interface where feasible to reduce attack surface. 6. Coordinate with hardware vendors and Linux distribution maintainers to ensure timely deployment of fixes and advisories. 7. Incorporate this vulnerability into vulnerability management and incident response plans to quickly address any emerging threats.