CVE-2022-48972

5.5 MEDIUM

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's IEEE 802.15.4 (WPAN) subsystem. When adding a wireless personal area network interface, the kernel fails to initialize a linked list, which can cause a kernel panic when the interface is unregistered. This affects Linux systems using IEEE 802.15.4 wireless interfaces.
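The failure mode described above, as an added example that is not part of the original page or the kernel source: a userspace C model of a list node left zero-filled at interface add and then unlinked at unregister. The names `wpan_dev_model`, `if_add_model` and `unregister_model` are hypothetical, and the `list_empty()` guard on the unregister path is an assumption of the model.

```c
/* Userspace model of the kernel's circular doubly linked list (struct list_head).
 * wpan_dev_model and the *_model helpers are hypothetical stand-ins, not kernel source. */
#include <stdio.h>
#include <string.h>

struct list_head { struct list_head *next, *prev; };

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h; h->prev = h; }
static int list_empty(const struct list_head *h) { return h->next == h; }

/* Stand-in for the per-interface object that carries the list node. */
struct wpan_dev_model { int iftype; struct list_head list; };

/* Interface add: the object starts zero-filled, as a zeroing allocator would
 * leave it. The fix is the single INIT_LIST_HEAD() call. */
static void if_add_model(struct wpan_dev_model *w, int patched)
{
    memset(w, 0, sizeof(*w));
    if (patched)
        INIT_LIST_HEAD(&w->list);
}

enum unreg_result { UNREG_SKIPPED, UNREG_UNLINKED, UNREG_NULL_DEREF };

/* Unregister: unlink the node only if it is on a list (assumed guard). A
 * zero-filled node has next == NULL, so list_empty() is false and the unlink
 * would write through NULL; the model reports that instead of faulting. */
static enum unreg_result unregister_model(struct wpan_dev_model *w)
{
    struct list_head *e = &w->list;
    if (list_empty(e))
        return UNREG_SKIPPED;           /* never linked: nothing to do */
    if (e->next == NULL || e->prev == NULL)
        return UNREG_NULL_DEREF;        /* kernel: oops in the unlink */
    e->next->prev = e->prev;            /* list_del() */
    e->prev->next = e->next;
    INIT_LIST_HEAD(e);
    return UNREG_UNLINKED;
}

int main(void)
{
    struct wpan_dev_model w;
    if_add_model(&w, 0);
    printf("unpatched add, then unregister: %d\n", unregister_model(&w));
    if_add_model(&w, 1);
    printf("patched add, then unregister:   %d\n", unregister_model(&w));
    return 0;
}
```

The unpatched path reports `UNREG_NULL_DEREF` because a zeroed node is neither empty nor validly linked; with the initializer in place the same unregister call is a no-op.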

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions with vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when IEEE 802.15.4 (WPAN) subsystem is enabled and interfaces are being added/removed. Many systems don't use this subsystem by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and denial of service, potentially requiring physical access to restart affected devices.

🟠 Likely Case

System crash when IEEE 802.15.4 interfaces are added/removed, causing temporary denial of service until system restart.

🟢 If Mitigated

No impact if patched or if IEEE 802.15.4 interfaces are not used.

🌐 Internet-Facing: LOW - This vulnerability requires local access or specific wireless interface manipulation.
🏢 Internal Only: MEDIUM - Internal attackers with access to add/remove IEEE 802.15.4 interfaces could cause system crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to add/remove IEEE 802.15.4 interfaces, typically requiring local access or specific wireless capabilities.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commit 1831d4540406708e48239cf38fd9c3b7ea98e08f or later

Vendor Advisory: https://git.kernel.org/stable/c/1831d4540406708e48239cf38fd9c3b7ea98e08f

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a version containing the fix commit.
2. Check distribution-specific security advisories.
3. Reboot the system after the kernel update.

🔧 Temporary Workarounds

Disable IEEE 802.15.4 subsystem (Linux)

Prevent the mac802154 module from loading to avoid the vulnerability:

echo 'blacklist mac802154' >> /etc/modprobe.d/blacklist.conf
rmmod mac802154

🧯 If You Can't Patch

  • Disable IEEE 802.15.4 interfaces if not needed
  • Restrict user permissions to prevent interface manipulation

🔍 How to Verify

Check if Vulnerable:

Check whether the mac802154 module is loaded:

lsmod | grep mac802154

If it is loaded and the kernel version is vulnerable, the system is at risk.

Check Version:

uname -r

Verify Fix Applied:

Check the kernel version against the distribution security advisory, or verify that the fix commit is present:

grep -r 'INIT_LIST_HEAD.*wpan_dev' /usr/src/linux/net/mac802154/iface.c

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • NULL pointer dereference in cfg802154_netdev_notifier_call
  • System crash logs when adding/removing wireless interfaces

Network Indicators:

  • Unexpected system reboots on devices with IEEE 802.15.4 interfaces

SIEM Query:

event.category:kernel AND (event.message:"NULL pointer dereference" OR event.message:"cfg802154_netdev_notifier_call")
