CVE-2022-49132

5.5 MEDIUM

📋 TL;DR

A race condition vulnerability in the Linux kernel's ath11k PCI driver causes a kernel crash when the system enters suspend mode if the driver fails to load its board file. This affects Linux systems using Qualcomm Atheros ath11k wireless hardware with specific kernel versions. The crash leads to denial of service but doesn't allow arbitrary code execution.

💻 Affected Systems

Products:
  • Linux kernel ath11k PCI driver
Versions: Linux kernel versions 5.16 and potentially earlier versions with ath11k driver support
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Qualcomm Atheros ath11k wireless hardware (e.g., WCN6855). Requires driver initialization failure during board file loading.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

System crashes during suspend/resume cycles, causing denial of service and potential data loss if unsaved work exists.

🟠

Likely Case

System becomes unresponsive during suspend attempts, requiring hard reboot and interrupting system availability.

🟢

If Mitigated

With proper patching, suspend/resume functions normally without crashes.

🌐 Internet-Facing: LOW - This is a local driver issue not directly exploitable over network.
🏢 Internal Only: MEDIUM - Affects system stability during power management operations on vulnerable hardware.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires specific hardware/driver conditions and local access to trigger suspend. Not a typical security exploit but a stability bug.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel versions with commits: aeed776c00e8, b4f4c56459a5, f3c5ef433da8, fed4cef115ab

Vendor Advisory: https://git.kernel.org/stable/c/aeed776c00e804a0f7896db39c7c661cea34ee1f

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a patched version.
2. For distributions: use the package manager (apt/yum/dnf) to update the kernel.
3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable ath11k driver

linux

Prevent ath11k driver from loading to avoid the crash condition

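# ath11k_pci is the module the PCI device alias autoloads; blacklist it along with the core module
echo 'blacklist ath11k_pci' >> /etc/modprobe.d/blacklist-ath11k.conf
echo 'blacklist ath11k' >> /etc/modprobe.d/blacklist-ath11k.conf
# Debian/Ubuntu; on dracut-based distributions run "dracut -f" instead
update-initramfs -u
reboot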

Disable suspend mode

linux

Prevent system from entering suspend state where crash occurs

systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target

🧯 If You Can't Patch

  • Avoid using suspend/hibernate functionality on affected systems
  • Ensure ath11k hardware is not present or disable it in BIOS/UEFI if possible

🔍 How to Verify

Check if Vulnerable:

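Check whether the system has ath11k hardware: lspci -k | grep -i ath11k (the -k option lists the kernel driver bound to each device, which plain lspci output does not show). Check the kernel version: uname -r. If the version is between 5.16 and 5.16.x and ath11k hardware is present, the system is likely vulnerable.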

Check Version:

uname -r

Verify Fix Applied:

After patching, test suspend functionality: systemctl suspend. Check dmesg for crash messages related to ath11k.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic/Oops messages in dmesg during suspend
  • Page fault errors at address 0000000000002070
  • ath11k_dp_rx_pktlog_stop in call trace

Network Indicators:

  • None - this is a local kernel crash

SIEM Query:

source="kernel" AND ("ath11k" AND ("suspend" OR "crash" OR "Oops"))
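
The log indicators above, correlated in one pass, as an added example that is not part of the original advisory: a report is flagged only when the listed fault address and the listed call-trace symbol appear inside the same Oops. The function name and the sample log lines are constructed for illustration, and the "BUG: unable to handle page fault" wording assumes an x86 kernel.

```sh
# Added example: correlate this page's log indicators inside one Oops report.
FAULT_MARK="address: 0000000000002070"   # fault address listed on this page
TRACE_SYM="ath11k_dp_rx_pktlog_stop"     # call-trace symbol listed on this page

# Reads kernel log text on stdin, prints one line per matching Oops, and
# returns 0 if any Oops carries both indicators, 1 otherwise.
scan_ath11k_suspend_oops() {
  awk -v mark="$FAULT_MARK" -v sym="$TRACE_SYM" '
    # A fault report opens a window; note whether it is the known address.
    /BUG: unable to handle page fault for address:/ {
      in_oops = 1; addr_hit = (index($0, mark) > 0); start = NR; next
    }
    # The symbol only counts inside the window of a matching fault.
    in_oops && addr_hit && index($0, sym) > 0 {
      printf "match: fault at log line %d, %s at line %d\n", start, sym, NR
      found++; in_oops = 0; next
    }
    # The end-of-trace marker closes the window.
    /---\[ end trace/ { in_oops = 0 }
    END { exit (found > 0 ? 0 : 1) }
  '
}

# Constructed sample logs (not captured from a real system).
sample_crash_log() {
  cat <<'EOF'
[ 1107.10] PM: suspend entry (deep)
[ 1107.20] BUG: unable to handle page fault for address: 0000000000002070
[ 1107.30] Oops: 0000 [#1] PREEMPT SMP
[ 1107.40] Call Trace:
[ 1107.50]  ath11k_dp_rx_pktlog_stop+0x13/0x80 [ath11k]
[ 1107.60] ---[ end trace 0000000000000000 ]---
EOF
}

sample_unrelated_log() {
  cat <<'EOF'
[   90.20] BUG: unable to handle page fault for address: 00000000deadbeef
[   90.30] Call Trace:
[   90.40]  other_driver_fn+0x10/0x40 [other]
[   90.50] ---[ end trace 0000000000000000 ]---
[   95.00] ath11k_pci 0000:01:00.0: ath11k_dp_rx_pktlog_stop not reached
EOF
}

# Demo on the constructed crash sample; prints the match line.
sample_crash_log | scan_ath11k_suspend_oops
```

On a live host the function can read the previous boot's kernel log, for example `journalctl -k -b -1 | scan_ath11k_suspend_oops`, since the crash itself prevents the current boot from holding the trace.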
