CVE-2022-49942

wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected When we are not connected to a channel, sending channel "switch" announcement doesn't make any sense. The BSS list is empty in that case. This causes the for loop in cfg80211_get_bss() to be bypassed, so the function returns NULL (check line 1424 of net/wireless/scan.c), causing the WARN_ON() in ieee80211_ibss_csa_beacon() to get triggered (check line 500 of net/mac80211/ibss.c), which was consequently reported on the syzkaller dashboard. Thus, check if we have an existing connection before generating the CSA beacon in ieee80211_ibss_finish_csa().

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/cdb9a8da9b84800eb15506cd9363cf0cf059e677
https://git.kernel.org/stable/c/1691a48aef0a82d1754b9853dae7e3f5cacdf70b
https://git.kernel.org/stable/c/d9eb37db6a28b59a95a3461450ee209654c5f95b
https://git.kernel.org/stable/c/66689c5c02acd4d76c28498fe220998610aec61e
https://git.kernel.org/stable/c/dd649b49219a0388cc10fc40e4c2ea681566a780
https://git.kernel.org/stable/c/552ba102a6898630a7d16887f29e606d6fabe508
https://git.kernel.org/stable/c/864e280cb3a9a0f5212b16ef5057c4e692f7039d
https://git.kernel.org/stable/c/15bc8966b6d3a5b9bfe4c9facfa02f2b69b1e5f0

Frequently Asked Questions

What is the severity of CVE-2022-49942?
CVE-2022-49942 has not yet been assigned a CVSS score.
How to fix CVE-2022-49942?
To fix CVE-2022-49942, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49942 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49942 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49942?
CVE-2022-49942 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.