CVE-2022-49230
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's MediaTek MT7915 Wi-Fi driver. When the mt7915_mcu_add_sta function fails, it doesn't properly free allocated socket buffers (skbs), leading to gradual memory exhaustion. This affects systems using MediaTek MT7915 Wi-Fi chipsets with vulnerable kernel versions.
💻 Affected Systems
- Linux kernel with MediaTek MT7915 Wi-Fi driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could cause kernel memory exhaustion leading to system instability, crashes, or denial of service requiring physical reboot.
Likely Case
Gradual memory consumption over time causing performance degradation and eventual system instability in affected Wi-Fi devices.
If Mitigated
Minimal impact with proper monitoring and memory limits in place, though still represents resource waste.
🎯 Exploit Status
Exploitation requires ability to trigger Wi-Fi station management operations, typically requiring network access or ability to connect/disconnect as a Wi-Fi client.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits a43736cd12d82913102eb49cb56787a5553e028f, b334a245ff1d76b1e97af8cea648ea6798b9eb87, daf02c7e3c3dc82ffa925999597bd455cf799551
Vendor Advisory: https://git.kernel.org/stable/c/a43736cd12d82913102eb49cb56787a5553e028f
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable MT7915 Wi-Fi
linuxTemporarily disable the vulnerable Wi-Fi hardware if not required
sudo modprobe -r mt7915e
echo 'blacklist mt7915e' | sudo tee /etc/modprobe.d/blacklist-mt7915.conf
🧯 If You Can't Patch
- Monitor system memory usage closely for abnormal consumption patterns
- Implement connection rate limiting for Wi-Fi clients to reduce trigger frequency
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if mt7915 module is loaded: lsmod | grep mt7915 && uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and test Wi-Fi station operations while monitoring memory📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- Abnormal memory consumption in /var/log/syslog
- Wi-Fi driver error messages
Network Indicators:
- Increased Wi-Fi disconnection/reconnection events
SIEM Query:
source="kernel" AND ("out of memory" OR "oom-killer") AND process="mt7915"