CVE-2022-50165
📋 TL;DR
This CVE-2022-50165 is an uninitialized variable vulnerability in the Linux kernel's wil6210 WiFi driver debugfs interface. It could allow local attackers to cause kernel memory corruption or information disclosure by writing to debugfs files. Systems using Qualcomm Atheros QCA6174 WiFi chips with the wil6210 driver are affected.
💻 Affected Systems
- Linux kernel with wil6210 driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Local privilege escalation to kernel mode, system crash, or kernel memory information disclosure
Likely Case
Kernel panic causing denial of service or limited information disclosure
If Mitigated
No impact if debugfs is disabled or access restricted
🎯 Exploit Status
Requires local access and ability to write to debugfs. Exploitation depends on how uninitialized variable is used.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in stable kernel versions via provided git commits
Vendor Advisory: https://git.kernel.org/stable/c/409bd72e544fdf4809ea0dac337bb5a1f11a25a9
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Reboot system. 3. Verify kernel version is updated.
🔧 Temporary Workarounds
Disable debugfs access
linuxPrevent non-root users from accessing debugfs which contains the vulnerable interface
mount -o remount,nodev,noexec,nosuid /sys/kernel/debug
chmod 700 /sys/kernel/debug
Unmount debugfs
linuxCompletely unmount debugfs filesystem if not needed
umount /sys/kernel/debug
🧯 If You Can't Patch
- Restrict debugfs access to root only using mount options and permissions
- Disable wil6210 driver if not needed or use alternative WiFi hardware
🔍 How to Verify
Check if Vulnerable:
Check if debugfs is mounted and accessible, and kernel version is within affected rangeCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated beyond vulnerable commits and debugfs access is restricted📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes related to wil6210 driver
- Permission denied errors for debugfs access attempts
Network Indicators:
- Unusual local process accessing /sys/kernel/debug/wil6210 files
SIEM Query:
process.name:cat AND file.path:/sys/kernel/debug/wil6210/* OR kernel.panic OR kernel.oops🔗 References
- https://git.kernel.org/stable/c/409bd72e544fdf4809ea0dac337bb5a1f11a25a9
- https://git.kernel.org/stable/c/52b11a48cf073e0aab923ae809a765d756cecf13
- https://git.kernel.org/stable/c/689e5caf63e99e15d2f485ec297c1bf9243e0e28
- https://git.kernel.org/stable/c/6c5fee83bdbeffe8d607d1ab125122a75f40bd1a
- https://git.kernel.org/stable/c/b13c84e877d7a3095bacb14665db304b2c00e95f
- https://git.kernel.org/stable/c/c9fde3a44da566d8929070ab6bda4f0dfa9955d0
- https://git.kernel.org/stable/c/d4742c886043b69d2d058bfde3998ef333b66595
- https://git.kernel.org/stable/c/d578e0af3a003736f6c440188b156483d451b329
