CVE-2022-50832

Vulnerability

A memory leak vulnerability exists in the Linux kernel's wilc1000 wireless driver. The function wilc_mac_xmit() is responsible for transmitting network packets, but when it returns NETDEV_TX_OK, it does not free the associated socket buffer (skb). This omission causes the skb to remain allocated indefinitely, creating a persistent memory leak [1].

Exploitation

Context

This bug is triggered during normal network packet transmission on systems using the wilc1000 driver. No special authentication or network position is required beyond being able to send network traffic over a wilc1000 interface. The leak accumulates over time as packets are transmitted, eventually degrading system performance due to memory exhaustion [1].

Impact

An attacker with the ability to send network traffic through network traffic over a vulnerable system can cause a denial-of-service (DoS) condition by exhausting available kernel memory. The lack of skb freeing means each transmitted packet leaks kernel memory, which can lead to system instability or crash if left unmitigated [1].

Mitigation

Status

The fix is merged into the Linux kernel stable branches via commit 5706d00fde3f (among others). Affected users should update to a kernel version containing this patch. There is no known workaround other than applying the patch or avoiding use of the wilc1000 driver [2][3].