CVE-2022-49023: wifi: cfg80211: fix buffer overflow in elem comparison
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: fix buffer overflow in elem comparison
For vendor elements, the code here assumes that 5 octets
are present without checking. Since the element itself is
already checked to fit, we only need to check the length.
Security readout for executives and security teams
Plain-English summary
CVE-2022-49023 is a Linux kernel Wi-Fi parsing bug. The affected cfg80211 code assumed a vendor element contained at least five bytes and could read past the buffer. The source bundle does not provide CVSS, practical impact, or evidence of exploitation, so urgency depends on whether exposed systems run affected Linux kernels with Wi-Fi functionality.
Executive priority
Treat this as a kernel maintenance and exposure-management issue, not a confirmed emergency. Prioritize Wi-Fi capable Linux fleets and embedded devices, especially where patch cadence is slow. Escalate if vendor advisories later assign high severity or report exploitation.
Technical view
In Linux kernel cfg80211, vendor element comparison failed to verify that five octets were present before accessing them. The upstream fix adds a length check because the containing element had already been bounds-checked. Stable kernel commit references are provided, but the bundle does not include crashability, privilege, confidentiality, or remote exploitability details.
Likely exposure
Likely exposure is Linux systems using affected kernel versions and Wi-Fi cfg80211 code paths. Wi-Fi enabled laptops, appliances, embedded devices, and access-related systems should be prioritized for inventory review. The bundle does not identify specific distributions, devices, or configurations beyond Linux kernel versions and stable commits.
Exploitation context
No active exploitation is supported by the provided sources; KEV is false. The available description supports a malformed or undersized vendor element causing an out-of-bounds read risk during comparison, but it does not establish exploit reliability, attacker proximity, denial-of-service impact, or code execution.
Researcher notes
Evidence is limited to the CVE description and Linux stable commit references. The key behavior is a missing vendor element length check before five-octet access. Do not infer exploitability beyond buffer over-read risk without commit diff review, affected call-path analysis, and vendor advisory confirmation.
Mitigation direction
Identify Linux kernel versions across Wi-Fi capable assets.
Apply vendor or distribution kernel updates containing the referenced stable fixes.
Review upstream stable commit applicability before backporting.
Monitor Linux distribution advisories for packaged fix availability.
Prioritize unmanaged embedded or appliance-like Wi-Fi devices.
Validation and detection
Check running kernel versions against vendor advisories and fixed builds.
Confirm cfg80211 or Wi-Fi functionality is present on candidate assets.
Verify kernel packages include one of the referenced stable fixes.
Record systems where Wi-Fi is disabled or absent as lower priority.
Track remediation status separately for embedded firmware images.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-49023 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.