LiveActive security incident?Get immediate response
CVE Record

CVE-2022-49023: wifi: cfg80211: fix buffer overflow in elem comparison

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix buffer overflow in elem comparison For vendor elements, the code here assumes that 5 octets are present without checking. Since the element itself is already checked to fit, we only need to check the length.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

CVE-2022-49023 is a Linux kernel Wi-Fi parsing bug. The affected cfg80211 code assumed a vendor element contained at least five bytes and could read past the buffer. The source bundle does not provide CVSS, practical impact, or evidence of exploitation, so urgency depends on whether exposed systems run affected Linux kernels with Wi-Fi functionality.

Executive priority

Treat this as a kernel maintenance and exposure-management issue, not a confirmed emergency. Prioritize Wi-Fi capable Linux fleets and embedded devices, especially where patch cadence is slow. Escalate if vendor advisories later assign high severity or report exploitation.

Technical view

In Linux kernel cfg80211, vendor element comparison failed to verify that five octets were present before accessing them. The upstream fix adds a length check because the containing element had already been bounds-checked. Stable kernel commit references are provided, but the bundle does not include crashability, privilege, confidentiality, or remote exploitability details.

Likely exposure

Likely exposure is Linux systems using affected kernel versions and Wi-Fi cfg80211 code paths. Wi-Fi enabled laptops, appliances, embedded devices, and access-related systems should be prioritized for inventory review. The bundle does not identify specific distributions, devices, or configurations beyond Linux kernel versions and stable commits.

Exploitation context

No active exploitation is supported by the provided sources; KEV is false. The available description supports a malformed or undersized vendor element causing an out-of-bounds read risk during comparison, but it does not establish exploit reliability, attacker proximity, denial-of-service impact, or code execution.

Researcher notes

Evidence is limited to the CVE description and Linux stable commit references. The key behavior is a missing vendor element length check before five-octet access. Do not infer exploitability beyond buffer over-read risk without commit diff review, affected call-path analysis, and vendor advisory confirmation.

Mitigation direction

  • Identify Linux kernel versions across Wi-Fi capable assets.
  • Apply vendor or distribution kernel updates containing the referenced stable fixes.
  • Review upstream stable commit applicability before backporting.
  • Monitor Linux distribution advisories for packaged fix availability.
  • Prioritize unmanaged embedded or appliance-like Wi-Fi devices.

Validation and detection

  • Check running kernel versions against vendor advisories and fixed builds.
  • Confirm cfg80211 or Wi-Fi functionality is present on candidate assets.
  • Verify kernel packages include one of the referenced stable fixes.
  • Record systems where Wi-Fi is disabled or absent as lower priority.
  • Track remediation status separately for embedded firmware images.
Prepared
Confidence
medium
Sources
7

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2022-49023 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
1ADP providers
6Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux0b8fb8235be8be99a197e8d948fc0a2df8dc261a, 0b8fb8235be8be99a197e8d948fc0a2df8dc261a, 0b8fb8235be8be99a197e8d948fc0a2df8dc261a, 0b8fb8235be8be99a197e8d948fc0a2df8dc261a, 0b8fb8235be8be99a197e8d948fc0a2df8dc261aunaffected
LinuxLinux5.1, 0, 5.4.226, 5.10.158, 5.15.82, 6.0.12, 6.1affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.