CVE-2022-49539

{"id": "CVE-2022-49539", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:01:29.857", "references": [{"url": "https://git.kernel.org/stable/c/b169f877f001a474fb89939842c390518160bcc5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f6aff772c9978844529618d86aafb53e5d3ae161", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtw89: ser: fix CAM leaks occurring in L2 reset\n\nThe CAM, meaning address CAM and bssid CAM here, will get leaks during\nSER (system error recover) L2 reset process and ieee80211_restart_hw()\nwhich is called by L2 reset process eventually.\n\nThe normal flow would be like\n-> add interface (acquire 1)\n-> enter ips (release 1)\n-> leave ips (acquire 1)\n-> connection (occupy 1) <(A) 1 leak after L2 reset if non-sec connection>\n\nThe ieee80211_restart_hw() flow (under connection)\n-> ieee80211 reconfig\n-> add interface (acquire 1)\n-> leave ips (acquire 1)\n-> connection (occupy (A) + 2) <(B) 1 more leak>\n\nOriginally, CAM is released before HW restart only if connection is under\nsecurity. Now, release CAM whatever connection it is to fix leak in (A).\nOTOH, check if CAM is already valid to avoid acquiring multiple times to\nfix (B).\n\nBesides, if AP mode, release address CAM of all stations before HW restart."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rtw89: ser: corrige las fugas de CAM que ocurren en el reinicio de L2 El CAM, es decir, la direcci\u00f3n CAM y el bssid CAM aqu\u00ed, tendr\u00e1n fugas durante el proceso de reinicio de L2 de SER (recuperaci\u00f3n de error del sistema) y ieee80211_restart_hw() que es llamado por el proceso de reinicio de L2 eventualmente. El flujo normal ser\u00eda como -&gt; agregar interfaz (adquirir 1) -&gt; ingresar ips (liberar 1) -&gt; dejar ips (adquirir 1) -&gt; conexi\u00f3n (ocupar 1) &lt;(A) 1 fuga despu\u00e9s del reinicio de L2 si la conexi\u00f3n no es segura&gt; El flujo ieee80211_restart_hw() (bajo conexi\u00f3n) -&gt; ieee80211 reconfig -&gt; agregar interfaz (adquirir 1) -&gt; dejar ips (adquirir 1) -&gt; conexi\u00f3n (ocupar (A) + 2) &lt;(B) 1 fuga m\u00e1s&gt; Originalmente, CAM se libera antes del reinicio de HW solo si la conexi\u00f3n est\u00e1 bajo seguridad. Ahora, libere la CAM de cualquier conexi\u00f3n para reparar la fuga en (A). Por otra parte, verifique si la CAM ya es v\u00e1lida para evitar realizar m\u00faltiples adquisiciones para reparar (B). Adem\u00e1s, si est\u00e1 en modo AP, libere la direcci\u00f3n CAM de todas las estaciones antes de reiniciar el hardware."}], "lastModified": "2025-10-21T12:04:50.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98CD047E-3CA9-4A90-93B0-040784FAD016", "versionEndExcluding": "5.18.3", "versionStartIncluding": "5.16"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}