CVE-2022-50361
📋 TL;DR
This CVE is a NULL pointer dereference vulnerability in the Linux kernel's wilc1000 WiFi driver. When the driver fails to allocate a workqueue during initialization, it doesn't properly clean up network device registration, leading to a kernel panic. This affects Linux systems using the wilc1000 driver for WiFi connectivity.
💻 Affected Systems
- Linux kernel with wilc1000 WiFi driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, requiring physical or remote reboot to restore functionality.
Likely Case
System crash during WiFi driver initialization, preventing network connectivity until system restart.
If Mitigated
No impact if the driver initialization succeeds normally, which is the common case.
🎯 Exploit Status
Exploitation requires triggering specific error conditions during driver initialization, typically through fault injection or memory pressure scenarios.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 2b88974ecb35, 6da6ce086221, a1bdecedc7ad
Vendor Advisory: https://git.kernel.org/stable/c/2b88974ecb358990e1c33fabcd0b9e142bab7f21
Restart Required: No
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager to update kernel package. 3. Rebuild kernel if using custom kernel with affected code.
🔧 Temporary Workarounds
Disable wilc1000 driver
allPrevent loading of vulnerable driver module
echo 'blacklist wilc1000' >> /etc/modprobe.d/blacklist.conf
rmmod wilc1000
Avoid memory pressure during boot
allReduce chance of allocation failure during driver initialization
Ensure adequate system memory available during boot
🧯 If You Can't Patch
- Avoid using systems with wilc1000 WiFi hardware
- Monitor system logs for kernel panic events related to wilc1000 driver
🔍 How to Verify
Check if Vulnerable:
Check if wilc1000 module is loaded: lsmod | grep wilc1000 AND check kernel version against patched versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits: grep -r 'wilc_netdev_ifc_init' /proc/kallsyms for proper error handling symbols📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning wilc1000
- BUG at net/core/dev.c:10731 in system logs
- Driver initialization failure logs
Network Indicators:
- Sudden loss of WiFi connectivity on affected systems
SIEM Query:
source="kernel" AND ("wilc1000" OR "BUG at net/core/dev.c:10731")