CVE-2022-49290

7.8 HIGH

📋 TL;DR

This vulnerability is a double-free memory corruption flaw in the Linux kernel's mac80211 mesh networking subsystem. It allows attackers with local access to potentially crash the kernel or execute arbitrary code by repeatedly leaving and rejoining a mesh network. Systems using encrypted mesh networking with affected Linux kernel versions are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernels containing commit 6a01afcf8468, up to the patched versions
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when using encrypted mesh networking (wpa_supplicant or custom nl80211 implementations). Unencrypted mesh via 'iw' command is not affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash or potential privilege escalation to kernel-level code execution, allowing complete system compromise.

🟠 Likely Case

Kernel panic causing system crash and denial of service, requiring physical or remote console access to reboot.

🟢 If Mitigated

No impact if systems are patched or not using encrypted mesh networking.

🌐 Internet-Facing: LOW - Requires local access to the system and mesh network configuration capabilities.
🏢 Internal Only: MEDIUM - Attackers with local access (including compromised user accounts) could exploit this to crash systems or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to execute mesh leave/join commands. Exploitation depends on specific mesh configuration and timing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with fixes from the provided git commits

Vendor Advisory: https://git.kernel.org/stable/c/12e407a8ef17623823fd0c066fbd7f103953d28d

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution.
2. Reboot system to load new kernel.
3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable mesh networking (all platforms)

Remove or disable mesh network interfaces if not required. Either command below deletes the interface (mesh0 is an example name):

sudo iw dev mesh0 del
sudo ip link delete mesh0

Use unencrypted mesh only (all platforms)

Configure mesh networks without encryption using 'iw' command instead of wpa_supplicant

sudo iw dev mesh0 mesh join my-mesh

🧯 If You Can't Patch

  • Disable all mesh network interfaces and functionality
  • Restrict user permissions to prevent mesh configuration commands (iw, wpa_cli)

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if mesh interfaces exist: 'uname -r' and 'iw dev | grep mesh'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated beyond vulnerable range and test mesh leave/join operations
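
The `iw dev | grep mesh` check above shows that a mesh interface exists but not which one it is when the name does not contain "mesh". The parser below is an added example, not part of the original advisory; it lists every interface of type mesh point. The sample output and the function name `mesh_point_interfaces` are constructed for illustration.

```python
import subprocess

# Constructed sample of `iw dev` output; interface names and addresses are made up.
SAMPLE_IW_DEV = """\
phy#1
	Interface mesh0
		ifindex 7
		wdev 0x100000001
		addr 02:00:00:aa:bb:01
		type mesh point
		channel 1 (2412 MHz), width: 20 MHz (no HT), center1: 2412 MHz
phy#0
	Interface wlan0
		ifindex 3
		wdev 0x1
		addr 02:00:00:aa:bb:02
		type managed
	Interface backhaul
		ifindex 9
		wdev 0x2
		addr 02:00:00:aa:bb:03
		type mesh point
"""


def mesh_point_interfaces(iw_dev_output):
    """Return [(phy, ifname)] for every interface whose type is 'mesh point'."""
    found, phy, ifname = [], None, None
    for raw in iw_dev_output.splitlines():
        line = raw.strip()
        if line.startswith("phy#"):
            phy, ifname = line, None          # new radio: forget the previous interface
        elif line.startswith("Interface "):
            ifname = line.split(None, 1)[1]
        elif line == "type mesh point" and ifname:
            found.append((phy, ifname))
    return found


if __name__ == "__main__":
    # On a live host, parse the real output instead of the sample.
    out = subprocess.run(["iw", "dev"], capture_output=True, text=True, check=True).stdout
    for phy, ifname in mesh_point_interfaces(out):
        print(f"{ifname} ({phy}) is a mesh point; check whether it joins an encrypted mesh")
```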

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • OOM killer messages
  • Repeated mesh join/leave operations in system logs

Network Indicators:

  • Unexpected mesh interface state changes
  • Network connectivity loss on mesh nodes

SIEM Query:

kernel:panic OR kernel:BUG OR (process:iw AND (command:"mesh leave" OR command:"mesh join"))
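
The "repeated mesh join/leave operations" indicator, as an added example that is not part of the original advisory: it counts leave-then-rejoin cycles per interface from wpa_supplicant's mesh events, since the affected path is encrypted mesh managed by wpa_supplicant. The log layout, the threshold of 3 cycles in 60 seconds and the function name `find_mesh_flapping` are assumptions to tune for your environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in `journalctl -o short-iso` layout. MESH-GROUP-STARTED and
# MESH-GROUP-REMOVED are wpa_supplicant's mesh events; host, PID and times are made up.
SAMPLE_LOG = """\
2024-05-01T10:00:00+0000 node1 wpa_supplicant[812]: mesh0: MESH-GROUP-STARTED ssid="my-mesh" id=0
2024-05-01T10:00:02+0000 node1 wpa_supplicant[812]: mesh1: MESH-GROUP-STARTED ssid="lab-mesh" id=1
2024-05-01T10:00:05+0000 node1 wpa_supplicant[812]: mesh0: MESH-GROUP-REMOVED mesh0
2024-05-01T10:00:06+0000 node1 wpa_supplicant[812]: mesh0: MESH-GROUP-STARTED ssid="my-mesh" id=0
2024-05-01T10:00:09+0000 node1 wpa_supplicant[812]: mesh0: MESH-GROUP-REMOVED mesh0
2024-05-01T10:00:10+0000 node1 wpa_supplicant[812]: mesh0: MESH-GROUP-STARTED ssid="my-mesh" id=0
2024-05-01T10:00:12+0000 node1 wpa_supplicant[812]: mesh0: MESH-GROUP-REMOVED mesh0
2024-05-01T10:00:13+0000 node1 wpa_supplicant[812]: mesh0: MESH-GROUP-STARTED ssid="my-mesh" id=0
2024-05-01T10:05:00+0000 node1 wpa_supplicant[812]: mesh1: MESH-GROUP-REMOVED mesh1
2024-05-01T10:05:10+0000 node1 wpa_supplicant[812]: mesh1: MESH-GROUP-STARTED ssid="lab-mesh" id=1
"""

EVENT = re.compile(
    r'^(?P<ts>\S+) \S+ wpa_supplicant\[\d+\]: (?P<ifname>[^:\s]+): '
    r'MESH-GROUP-(?P<kind>STARTED|REMOVED)\b')


def find_mesh_flapping(log_text, min_cycles=3, window=timedelta(seconds=60)):
    """Return {ifname: time of the rejoin that reached min_cycles within window}.

    Assumes the log lines are in chronological order.
    """
    left = set()                  # interfaces whose most recent event was a leave
    rejoins = defaultdict(deque)  # ifname -> timestamps of recent rejoins
    alerts = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S%z")
        ifname = m["ifname"]
        if m["kind"] == "REMOVED":
            left.add(ifname)
        elif ifname in left:      # STARTED right after REMOVED: one leave/rejoin cycle
            left.discard(ifname)
            recent = rejoins[ifname]
            recent.append(ts)
            while ts - recent[0] > window:
                recent.popleft()  # drop rejoins that fell out of the window
            if len(recent) >= min_cycles and ifname not in alerts:
                alerts[ifname] = ts
    return alerts
```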
