CVE-2022-49740 wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads

🗓️ 27 Mar 2025 16:42:52Reported by LinuxType

Fix for out-of-bounds reads in Linux kernel wifi driver, ensuring safe channel spec handling.

Reporter	Title	Published	Views	Family All 42
AstraLinux	Astra Linux - уязвимость в linux-5.10, linux, linux-5.15	20 May 202605:53	–	astralinux
BDU FSTEC	The vulnerability of the Linux operating system’s kernel Wi-Fi component, which allows a hacker to trigger a service failure	3 Jun 202500:00	–	bdu_fstec
CloudLinux	kernel: Fix of 12 CVEs	27 May 202517:25	–	cloudlinux
CNNVD	Linux kernel 安全漏洞	27 Mar 202500:00	–	cnnvd
CVE	CVE-2022-49740	27 Mar 202516:42	–	cve
Debian CVE	CVE-2022-49740	27 Mar 202516:42	–	debiancve
EUVD	EUVD-2022-55183	3 Oct 202520:07	–	euvd
NVD	CVE-2022-49740	27 Mar 202517:15	–	nvd
OpenVAS	SUSE: Security Advisory (SUSE-SU-2025:1293-1)	18 Apr 202500:00	–	openvas
OSV	CLSA-2025-1747430034 Fix of 54 CVEs	16 May 202521:13	–	osv

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c"
    ],
    "versions": [
      {
        "version": "d48200ba45dd2edfe6286abfc783a81a4a492e98",
        "lessThan": "9cf5e99c1ae1a85286a76c9a970202750538394c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "d48200ba45dd2edfe6286abfc783a81a4a492e98",
        "lessThan": "b2e412879595821ff1b5545cbed5f108fba7f5b6",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "d48200ba45dd2edfe6286abfc783a81a4a492e98",
        "lessThan": "e4991910f15013db72f6ec0db7038ea67a57052e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "d48200ba45dd2edfe6286abfc783a81a4a492e98",
        "lessThan": "f06de1bb6d61f0c18b0213bbc6298960037f9d42",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "d48200ba45dd2edfe6286abfc783a81a4a492e98",
        "lessThan": "4920ab131b2dbae7464b72bdcac465d070254209",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c"
    ],
    "versions": [
      {
        "version": "3.10",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "3.10",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "5.4.232",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "5.10.168",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "5.15.93",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.1.11",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.2",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/f06de1bb6d61f0c18b0213bbc6298960037f9d42
git	www.git.kernel.org/stable/c/9cf5e99c1ae1a85286a76c9a970202750538394c
git	www.git.kernel.org/stable/c/e4991910f15013db72f6ec0db7038ea67a57052e
git	www.git.kernel.org/stable/c/b2e412879595821ff1b5545cbed5f108fba7f5b6
git	www.git.kernel.org/stable/c/4920ab131b2dbae7464b72bdcac465d070254209

11 May 2026 19:05Current

EPSS0.00023