CVE-2022-49237

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the Linux kernel's ath11k wireless driver. The driver fails to properly release memory references when handling device tree nodes, which could lead to kernel memory exhaustion over time. This affects Linux systems using Qualcomm Atheros ath11k Wi-Fi hardware.

💻 Affected Systems

Products:
  • Linux kernel with ath11k driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Qualcomm Atheros Wi-Fi 6 hardware using the ath11k driver. Requires the ath11k module to be loaded and active.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Sustained exploitation could cause kernel memory exhaustion leading to system instability, crashes, or denial of service requiring reboot.

🟠

Likely Case

Gradual memory leak during normal Wi-Fi operations causing performance degradation over time, potentially requiring system restart.

🟢

If Mitigated

Minimal impact with proper monitoring and regular system maintenance; memory pressure might be noticeable but manageable.

🌐 Internet-Facing: LOW - Requires local access to Wi-Fi hardware and driver interaction; not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local users or processes interacting with Wi-Fi hardware could trigger the leak, potentially affecting system stability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to trigger device tree node operations through Wi-Fi driver interactions. No known active exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits 3d38faef0de1756994b3d95e47b2302842f729e2 and 7d51cb010b20d70b16dc6e4341bf29d6c5b32564

Vendor Advisory: https://git.kernel.org/stable/c/3d38faef0de1756994b3d95e47b2302842f729e2

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Unload ath11k module

linux

Temporarily disable the vulnerable driver if Wi-Fi functionality is not required

sudo modprobe -r ath11k

Blacklist ath11k module

linux

Prevent ath11k driver from loading at boot

echo 'blacklist ath11k' | sudo tee /etc/modprobe.d/ath11k-blacklist.conf
sudo update-initramfs -u

🧯 If You Can't Patch

  • Monitor system memory usage for unusual growth patterns
  • Schedule regular system reboots to clear accumulated memory leaks

🔍 How to Verify

Check if Vulnerable:

Check if ath11k module is loaded: lsmod | grep ath11k. If loaded, check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits or is newer than vulnerable versions. Check dmesg for ath11k-related memory leak messages.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer messages
  • Increasing memory usage in /proc/meminfo
  • dmesg warnings about memory pressure

Network Indicators:

  • None - this is a local memory management issue

SIEM Query:

source="kernel" AND ("ath11k" OR "of_node" OR "memory leak")
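
The module check and the /proc/meminfo indicator above, combined into one shell sketch (an added example, not part of the advisory or the kernel project; the helper names, the choice of the SUnreclaim counter, and the 20480 kB threshold are assumptions):

```shell
#!/bin/sh
# Added example (not from the advisory). Helper names and the 20480 kB
# threshold are assumptions; file arguments default to the live /proc files.

# List loaded modules whose name starts with "ath11k" (core and bus modules).
ath11k_modules() {
    awk '$1 ~ /^ath11k/ { print $1 }' "${1:-/proc/modules}"
}

# Print SUnreclaim (unreclaimable kernel slab, kB) from a meminfo-style file.
# Returns non-zero if the field is missing.
sunreclaim_kb() {
    awk '$1 == "SUnreclaim:" { print $2; found = 1 } END { exit !found }' \
        "${1:-/proc/meminfo}"
}

# Print the growth between two samples in kB; return 1 if it exceeds the limit.
check_growth() {
    delta=$(( $2 - $1 ))
    echo "$delta"
    [ "$delta" -le "$3" ]
}

# Take two samples INTERVAL seconds apart and report on the difference.
watch_once() {
    interval=${1:-3600} limit_kb=${2:-20480}
    mods=$(ath11k_modules)
    [ -n "$mods" ] || { echo "ath11k not loaded; nothing to watch"; return 0; }
    first=$(sunreclaim_kb) || return 2
    sleep "$interval"
    second=$(sunreclaim_kb) || return 2
    if delta=$(check_growth "$first" "$second" "$limit_kb"); then
        echo "OK: SUnreclaim changed by ${delta} kB with $(echo $mods) loaded"
    else
        echo "WARN: SUnreclaim grew ${delta} kB in ${interval}s (limit ${limit_kb} kB)"
        return 1
    fi
}

# Run only when asked, e.g.: sh ath11k-watch.sh --watch 3600 20480
if [ "${1:-}" = "--watch" ]; then
    watch_once "${2:-3600}" "${3:-20480}"
fi
```

SUnreclaim is a system-wide counter, so growth is a prompt to investigate rather than proof that ath11k is the source.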
