LiveActive security incident?Get immediate response
CVE Record

CVE-2022-49500: wl1251: dynamically allocate memory used for DMA

In the Linux kernel, the following vulnerability has been resolved: wl1251: dynamically allocate memory used for DMA With introduction of vmap'ed stacks, stack parameters can no longer be used for DMA and now leads to kernel panic. It happens at several places for the wl1251 (e.g. when accessed through SDIO) making it unuseable on e.g. the OpenPandora. We solve this by allocating temporary buffers or use wl1251_read32(). Tested on v5.18-rc5 with OpenPandora.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2022-49500 is a Linux kernel wl1251 wireless driver issue where DMA used stack memory after vmapped stacks were introduced, causing kernel panic. The visible business impact is availability loss on affected systems using this driver, not confirmed data theft or remote compromise.

Executive priority

Treat this as a targeted availability risk. It deserves attention for embedded or specialty Linux devices using wl1251 hardware, but current sources do not support emergency enterprise-wide action or claims of active exploitation.

Technical view

The wl1251 driver used stack parameters for DMA, which became unsafe with vmapped stacks. The kernel fix dynamically allocates temporary DMA buffers or uses wl1251_read32(). The source specifically mentions SDIO access and OpenPandora, with testing on v5.18-rc5.

Likely exposure

Exposure appears limited to Linux systems running affected kernel builds with the wl1251 wireless driver and relevant hardware paths, especially SDIO. The bundle lists Linux 5.18 through 5.18.3 and 5.19 as affected, but distribution backports need vendor confirmation.

Exploitation context

The source bundle does not report active exploitation, and KEV is false. The described failure mode is kernel panic when affected wl1251 DMA paths are exercised. No public exploit status or attacker prerequisites are established in the provided sources.

Researcher notes

Evidence is narrow and kernel-specific. Validate exposure through driver and hardware presence, not Linux use alone. The affected-version data is sparse, so rely on kernel commit inclusion and distribution backport status for final remediation decisions.

Mitigation direction

  • Update to a kernel or vendor package containing the referenced stable fixes.
  • Check Linux distribution advisories for backported wl1251 fixes.
  • Disable or remove wl1251 support where the hardware is not required.
  • Prioritize systems where wl1251 wireless hardware is actively used.

Validation and detection

  • Inventory kernels against affected versions and vendor-fixed builds.
  • Confirm whether the wl1251 driver is present, loaded, or required.
  • Check vendor changelogs for the referenced stable commit identifiers.
  • Review crash logs for wl1251-related kernel panic patterns.
Prepared
Confidence
medium
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2022-49500 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
3Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxa1c510d0adc604bb143c86052bc5be48cbcfa17c, a1c510d0adc604bb143c86052bc5be48cbcfa17cunaffected
LinuxLinux5.18, 0, 5.18.3, 5.19affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.