CVE-2022-49022: wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
Fix possible out-of-bound access in ieee80211_get_rate_duration routine
as reported by the following UBSAN report:
UBSAN: array-index-out-of-bounds in net/mac80211/airtime.c:455:47
index 15 is out of range for type 'u16 [12]'
CPU: 2 PID: 217 Comm: kworker/u32:10 Not tainted 6.1.0-060100rc3-generic
Hardware name: Acer Aspire TC-281/Aspire TC-281, BIOS R01-A2 07/18/2017
Workqueue: mt76 mt76u_tx_status_data [mt76_usb]
Call Trace:
<TASK>
show_stack+0x4e/0x61
dump_stack_lvl+0x4a/0x6f
dump_stack+0x10/0x18
ubsan_epilogue+0x9/0x43
__ubsan_handle_out_of_bounds.cold+0x42/0x47
ieee80211_get_rate_duration.constprop.0+0x22f/0x2a0 [mac80211]
? ieee80211_tx_status_ext+0x32e/0x640 [mac80211]
ieee80211_calc_rx_airtime+0xda/0x120 [mac80211]
ieee80211_calc_tx_airtime+0xb4/0x100 [mac80211]
mt76x02_send_tx_status+0x266/0x480 [mt76x02_lib]
mt76x02_tx_status_data+0x52/0x80 [mt76x02_lib]
mt76u_tx_status_data+0x67/0xd0 [mt76_usb]
process_one_work+0x225/0x400
worker_thread+0x50/0x3e0
? process_one_work+0x400/0x400
kthread+0xe9/0x110
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x22/0x30
Security readout for executives and security teams
Plain-English summary
CVE-2022-49022 is a Linux kernel Wi-Fi bug in mac80211 that can read outside an expected array while calculating airtime. The public record shows a kernel UBSAN crash report and stable fixes, but does not describe proven real-world exploitation or business impact.
Executive priority
Treat this as a kernel maintenance priority for Wi-Fi-enabled Linux assets, not an emergency based on the supplied evidence. Patch through normal security update channels and verify vendor backport status before assuming exposure.
Technical view
The flaw is an out-of-bounds array index in ieee80211_get_rate_duration in net/mac80211/airtime.c. The report shows index 15 outside a u16[12] array during mac80211 airtime calculation, with a call path involving mt76 USB transmit status handling.
Likely exposure
Exposure is most relevant to Linux systems running affected kernel versions with Wi-Fi functionality using mac80211. The bundle lists Linux kernel versions including 5.5 through fixed stable lines around 5.10.158, 5.15.82, 6.0.12, and 6.1, but distribution backports must be verified.
Exploitation context
The source bundle does not show active exploitation, public exploit availability, or KEV listing. Evidence is limited to a resolved Linux kernel defect and a UBSAN out-of-bounds report observed in a worker thread handling Wi-Fi driver status processing.
Researcher notes
The public record lacks CVSS, CWE, exploitability detail, and a clear attacker model. Analysis should stay close to the kernel fix and affected-version mapping. Do not infer remote code execution or active attacks from the supplied UBSAN report alone.
Mitigation direction
Install a vendor kernel update containing the referenced stable mac80211 fixes.
Verify whether your distribution backported the fix into its kernel package.
Prioritize Linux systems that use Wi-Fi, mac80211, or mt76 USB drivers.
Follow Linux distribution guidance if no fixed package mapping is available.
Validation and detection
Inventory Linux kernel versions on Wi-Fi-enabled systems.
Check whether installed kernels include the referenced stable commits or vendor backports.
Review kernel logs for UBSAN out-of-bounds reports in mac80211 airtime code.
Confirm regression coverage for Wi-Fi operation after kernel update.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-49022 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.