CVE-2022-49740

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Mar 27, 2025

Updated: Apr 14, 2025

CWE ID 125

Summary

CVE-2022-49740 is a vulnerability affecting the Linux kernel's wifi driver, brcmfmac. This issue results in slab-out-of-bounds reads in brcmf_construct_chaninfo() and brcmf_enable_bw40_2g(), leading to potential crashes. The cause is an oversized count value of channel specifications provided by the device, causing the allocated buffer to be insufficient. The patch resolves this by adding checks to prevent such cases and free the buffer when necessary. The vulnerability was discovered using a modified version of syzkaller and has been reported to cause a crash in the kworker/0:2 thread.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/4vVTc1
https://www.cve.org/CVERecord?id=CVE-2022-49740
https://nvd.nist.gov/vuln/detail/CVE-2022-49740

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2022-49740

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations