CVE-2022-49533: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

ath11k: Change max no of active probe SSID and BSSID to fw capability

The maximum number of SSIDs for active probe requests is currently reported as 16 (WLAN_SCAN_PARAMS_MAX_SSID) when registering the driver. The scan_req_params structure only has the capacity to hold 10 SSIDs. This leads to a buffer overflow which can be triggered from wpa_supplicant in userspace. When copying the SSIDs into the scan_req_params structure in the ath11k_mac_op_hw_scan routine, it can overwrite the extraie pointer.

Firmware supports 16 ssid * 4 bssid; for each ssid a 4 bssid combo probe request will be sent, so 64 probe requests in total are supported. So set max ssid and bssid to 16 and 4 respectively. Remove the redundant macros of ssid and bssid.

Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.7.0.1-01300-QCAHKSWPL_SILICONZ-1
AI Analysis
Technical Summary
CVE-2022-49533 is a vulnerability in the Linux kernel's ath11k wireless driver, in the handling of active probe requests for Wi-Fi scanning. The issue is a mismatch between the maximum number of SSIDs (Service Set Identifiers) the driver advertises at registration and the capacity of the structure that holds those SSIDs while a scan is built. The driver advertises a maximum of 16 SSIDs (WLAN_SCAN_PARAMS_MAX_SSID), but the scan_req_params structure has room for only 10. When wpa_supplicant (or any other user-space process that can request a scan) submits a scan with more than 10 SSIDs, ath11k_mac_op_hw_scan copies them into scan_req_params without a check against the array size, writing past the end of the SSID array. The overflow lands on adjacent fields of the structure, including the extraie pointer, so the result is memory corruption inside the kernel. The firmware supports 16 SSIDs with 4 BSSIDs (Basic Service Set Identifiers) per SSID, i.e. 64 probe requests in total. The fix aligns the driver's SSID and BSSID limits with these firmware capabilities (16 and 4) and removes the redundant macros, so the advertised limit and the structure capacity agree. The fix was tested on IPQ8074 hw2.0 hardware with the firmware build named in the description. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
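To make the size mismatch concrete, here is an added illustration that is not ath11k source: a simplified stand-in for the scan_req_params layout (the SSID array followed directly by the extraie pointer) together with the two defensive checks this bug class calls for, a registration-time consistency check between the advertised limit and the array capacity, and a bounds-checked copy that refuses an oversized request instead of running into the next field. The struct layout, constant names and function names are assumptions for the example; the real kernel fix resolved the problem by changing the constants so that both sides agree.

```c
/* Added illustration, not ath11k source: simplified stand-in for the
 * scan_req_params layout (SSID array followed by the extraie pointer) with
 * the checks that close this bug class. Names and layout are assumptions. */
#include <stdint.h>
#include <string.h>
#include <errno.h>

#define WLAN_SSID_MAX_LEN        32
#define SCAN_SSID_CAPACITY       10  /* pre-fix array capacity */
#define ADVERTISED_MAX_SCAN_SSID 16  /* pre-fix limit registered with mac80211 */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

struct ssid_entry { uint8_t length; uint8_t ssid[WLAN_SSID_MAX_LEN]; };

struct scan_params {
    uint32_t num_ssids;
    struct ssid_entry ssid[SCAN_SSID_CAPACITY];
    void *extraie;  /* first field an overrun of ssid[] would clobber */
};

/* Registration-time check: the limit advertised to userspace must not
 * exceed what the request structure can hold. Returns 1 if consistent. */
int scan_limits_consistent(unsigned advertised)
{
    return advertised <= SCAN_SSID_CAPACITY;
}

/* Bounds-checked copy of a scan request's SSIDs into the parameter block.
 * Returns 0 on success, -EINVAL if the request would overrun the array
 * or an individual SSID is longer than the 802.11 maximum. */
int copy_scan_ssids(struct scan_params *p, const struct ssid_entry *req, unsigned n)
{
    if (n > ARRAY_SIZE(p->ssid))
        return -EINVAL;
    for (unsigned i = 0; i < n; i++) {
        if (req[i].length > WLAN_SSID_MAX_LEN)
            return -EINVAL;
        p->ssid[i].length = req[i].length;
        memcpy(p->ssid[i].ssid, req[i].ssid, req[i].length);
    }
    p->num_ssids = n;
    return 0;
}
```

With the pre-fix constants, scan_limits_consistent(ADVERTISED_MAX_SCAN_SSID) returns 0, which is exactly the inconsistency the upstream patch removed.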
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with the affected ath11k wireless driver, particularly those using Qualcomm IPQ8074-based Wi-Fi hardware or similar devices. Exploitation could allow a local attacker, or a user-space process able to request a Wi-Fi scan (wpa_supplicant is the normal path for such requests), to trigger the buffer overflow, potentially leading to memory corruption, denial of service (system crashes), or escalation of privileges if exploited further. This could impact the confidentiality, integrity, and availability of affected systems. Given the widespread use of Linux in enterprise environments, including servers, network devices, and embedded systems, organizations relying on affected hardware for wireless connectivity could face disruptions or compromise. The lack of known exploits reduces immediate risk, but the vulnerability's presence in a core kernel component means that targeted attacks could emerge, especially in sectors with high reliance on secure wireless communications such as finance, telecommunications, and critical infrastructure.
Mitigation Recommendations
European organizations should take the following specific actions:

1. Identify and inventory all Linux systems using the ath11k driver, especially those with Qualcomm IPQ8074 or similar Wi-Fi chipsets.
2. Apply the latest Linux kernel patches that address CVE-2022-49533 as soon as they become available, ensuring that the driver's SSID and BSSID limits are correctly aligned with firmware capabilities.
3. Temporarily restrict or monitor the use of wpa_supplicant or other user-space processes that can initiate Wi-Fi scans on critical systems to detect anomalous scanning behavior.
4. Implement strict access controls and sandboxing for user-space processes interacting with wireless drivers to limit potential exploitation vectors.
5. Monitor system logs and kernel messages for signs of buffer overflow or memory corruption events related to wireless scanning.
6. Engage with hardware vendors and Linux distribution maintainers to confirm patch availability and deployment timelines.
7. For embedded or IoT devices using affected hardware, coordinate firmware updates or device replacements where patching is not feasible.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:08:31.589Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d982bc4522896dcbe4377
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 10:09:40 PM
Last updated: 8/17/2025, 1:34:50 PM
Views: 19
Related Threats
- CVE-2025-55581: n/a (Unknown)
- CVE-2025-52085: n/a (Unknown)
- CVE-2025-43760: CWE-79: Cross-site Scripting in Liferay Portal (Medium)
- CVE-2025-55613: n/a (High)
- CVE-2025-57800: CWE-523: Unprotected Transport of Credentials in advplyr audiobookshelf (High)