CVE-2022-49500: wl1251: dynamically allocate memory used for DMA
In the Linux kernel, the following vulnerability has been resolved:
wl1251: dynamically allocate memory used for DMA
With introduction of vmap'ed stacks, stack parameters can no
longer be used for DMA and now leads to kernel panic.
It happens at several places for the wl1251 (e.g. when
accessed through SDIO) making it unuseable on e.g. the
OpenPandora.
We solve this by allocating temporary buffers or use wl1251_read32().
Tested on v5.18-rc5 with OpenPandora.
Security readout for executives and security teams
Plain-English summary
CVE-2022-49500 is a Linux kernel wl1251 wireless driver issue where DMA used stack memory after vmapped stacks were introduced, causing kernel panic. The visible business impact is availability loss on affected systems using this driver, not confirmed data theft or remote compromise.
Executive priority
Treat this as a targeted availability risk. It deserves attention for embedded or specialty Linux devices using wl1251 hardware, but current sources do not support emergency enterprise-wide action or claims of active exploitation.
Technical view
The wl1251 driver used stack parameters for DMA, which became unsafe with vmapped stacks. The kernel fix dynamically allocates temporary DMA buffers or uses wl1251_read32(). The source specifically mentions SDIO access and OpenPandora, with testing on v5.18-rc5.
Likely exposure
Exposure appears limited to Linux systems running affected kernel builds with the wl1251 wireless driver and relevant hardware paths, especially SDIO. The bundle lists Linux 5.18 through 5.18.3 and 5.19 as affected, but distribution backports need vendor confirmation.
Exploitation context
The source bundle does not report active exploitation, and KEV is false. The described failure mode is kernel panic when affected wl1251 DMA paths are exercised. No public exploit status or attacker prerequisites are established in the provided sources.
Researcher notes
Evidence is narrow and kernel-specific. Validate exposure through driver and hardware presence, not Linux use alone. The affected-version data is sparse, so rely on kernel commit inclusion and distribution backport status for final remediation decisions.
Mitigation direction
Update to a kernel or vendor package containing the referenced stable fixes.
Check Linux distribution advisories for backported wl1251 fixes.
Disable or remove wl1251 support where the hardware is not required.
Prioritize systems where wl1251 wireless hardware is actively used.
Validation and detection
Inventory kernels against affected versions and vendor-fixed builds.
Confirm whether the wl1251 driver is present, loaded, or required.
Check vendor changelogs for the referenced stable commit identifiers.
Review crash logs for wl1251-related kernel panic patterns.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-49500 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
3Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Feb 26, 2025, 02:13 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.