CVE-2022-50784

Vulnerability

CVE-2022-50784 describes a NULL-pointer dereference vulnerability in the Linux kernel's iwlwifi driver, specifically in the MEI (Management Entity Interface) code. When processing certain data, the driver attempts to clone an SKB (socket buffer). If the cloning operation fails (returns NULL), the driver previously would try to use the NULL pointer, leading to a potential crash or denial of service [1][2].

Exploitation

No special prerequisites or authentication are required for an attacker to trigger this condition; it can occur during normal operation of the wireless subsystem if memory allocation for the SKB clone fails. The attack surface is local, as the driver is part of the kernel, and an unprivileged user could potentially trigger this path by interacting with the wireless interface, though the primary risk is denial of service due to kernel crash.

Impact

An attacker who can cause the SKB clone to fail (e.g., by exhausting memory) may trigger a kernel NULL-pointer dereference, resulting in a system crash (denial of service). No privilege escalation or data leakage is indicated by the available sources.

Mitigation

The fix, introduced in kernel commits [1][2], adds a NULL check after the SKB clone attempt: if the clone fails, the function returns as if it should pass the original SKB instead of dereferencing the NULL pointer. All stable kernel versions that include these commits are patched. Users should update to a kernel version containing the fix.