CVE-2022-50424

5.5 MEDIUM

📋 TL;DR

This CVE describes a memory leak vulnerability in the MediaTek MT7921 WiFi driver in the Linux kernel. When the mt7921_check_offload_capability() function fails to properly release memory allocated for firmware data, it can lead to gradual memory exhaustion. This affects Linux systems using the mt76 driver for MediaTek WiFi hardware.

💻 Affected Systems

Products:
  • Linux kernel with mt76 WiFi driver
Versions: Linux kernel versions whose mt76 driver predates the fixes in the stable commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with MediaTek MT7921 WiFi hardware using the mt76 driver. Requires specific hardware to be vulnerable.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Sustained exploitation could lead to kernel memory exhaustion, causing system instability, crashes, or denial of service on affected devices.
🟠 Likely Case: Gradual memory consumption over time leading to degraded system performance and potential service interruptions requiring reboots.
🟢 If Mitigated: Minimal impact with proper monitoring and memory management controls in place.

🌐 Internet-Facing: LOW - Requires local access or specific WiFi driver interaction, not directly exploitable over internet.
🏢 Internal Only: MEDIUM - Affects internal systems with vulnerable WiFi hardware, could be triggered by normal WiFi operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires triggering the specific code path in the WiFi driver, likely through WiFi operations. No known active exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Linux kernel stable commits: 47180ecf4541146836c5307c1d5526f8ac6a5a6d and ead3cffd7510dc635d84cd4ea9dd1974fcb69a35

Vendor Advisory: https://git.kernel.org/stable/c/47180ecf4541146836c5307c1d5526f8ac6a5a6d

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix.
2. For distributions: Use package manager to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable MT7921 WiFi (Linux)

Temporarily disable the vulnerable WiFi hardware if it is not required:

sudo modprobe -r mt7921e
sudo modprobe -r mt7921s
sudo modprobe -r mt7921u

🧯 If You Can't Patch

  • Monitor system memory usage for abnormal consumption patterns
  • Implement regular system reboots to clear accumulated memory leaks

🔍 How to Verify

Check if Vulnerable:

Check whether the system has MT7921 WiFi hardware and a vulnerable kernel version:

lspci | grep -i mediatek && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel has been updated beyond the vulnerable commits, and check dmesg to confirm the mt76 driver loads without errors.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oom-killer events
  • Increasing memory usage in /proc/meminfo
  • mt76 driver error messages in dmesg

Network Indicators:

  • WiFi connectivity issues on affected hardware

SIEM Query:

source="kernel" AND ("mt76" OR "mt7921") AND ("memory" OR "leak" OR "oom")
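
An added example (not from the advisory or the kernel project) for hosts that cannot be patched yet: it lists the loaded mt7921 modules from /proc/modules, which also shows the SDIO and USB variants that lspci cannot see, and flags a steady MemAvailable decline across recorded samples. The function names, the 100000 kB threshold, the trend heuristic and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: exposure and memory-trend check for hosts awaiting the kernel fix.

# Print the mt7921 bus variants (mt7921e/s/u) found in a /proc/modules-style
# listing, space-separated, in file order. Empty output means none is loaded.
mt7921_loaded() {
    awk '$1 ~ /^mt7921[esu]$/ { out = out (out ? " " : "") $1 } END { print out }' \
        "${1:-/proc/modules}"
}

# Read one field (value in kB) from a /proc/meminfo-style file.
meminfo_kb() {
    awk -v key="$1:" '$1 == key { print $2 }' "${2:-/proc/meminfo}"
}

# Append "epoch_seconds MemAvailable_kB" to the sample file $1 (run from cron).
record_sample() {
    echo "$(date +%s) $(meminfo_kb MemAvailable)" >> "$1"
}

# Heuristic (assumption, not from the advisory): print LEAK_SUSPECTED when
# MemAvailable fell in every interval of sample file $1 (oldest first, at least
# three samples) and the total drop is at least $2 kB; otherwise print OK.
memavailable_trend() {
    awk -v min_drop="$2" '
        NR == 1 { first = $2; prev = $2; next }
        { if ($2 >= prev) recovered = 1; prev = $2 }
        END {
            leak = (NR >= 3 && !recovered && first - prev >= min_drop)
            print (leak ? "LEAK_SUSPECTED" : "OK")
        }' "$1"
}

# Constructed sample data (not captured from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/modules" <<'EOF'
mt7921e 94208 0 - Live 0x0000000000000000
mt7921_common 81920 1 mt7921e, Live 0x0000000000000000
mt76 110592 2 mt7921e,mt7921_common, Live 0x0000000000000000
EOF
cat > "$demo_dir/samples" <<'EOF'
1700000000 6200000
1700003600 6150000
1700007200 6080000
1700010800 6010000
EOF
echo "mt7921 modules loaded: $(mt7921_loaded "$demo_dir/modules")"
echo "MemAvailable trend: $(memavailable_trend "$demo_dir/samples" 100000)"
```

On a real host, call mt7921_loaded with no argument and schedule record_sample so the trend check has data to work from.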
