CVE-2022-1679

HIGH

Linux Kernel 2.6.35-4.14.291 - Use-After-Free in Atheros Wireless Adapter Driver

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-1679. PoCs published by ov3rwatch, EkamSinghWalia.

AI-analyzed exploit summary This repository contains a detection and mitigation script for CVE-2022-1679, a use-after-free flaw in the Linux kernel's ath9k driver. The script checks if the vulnerable module is blacklisted and offers to apply the mitigation.

Description

A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.

Exploits (2)

nomisec SCANNER
by ov3rwatch · poc
https://github.com/ov3rwatch/Detection-and-Mitigation-for-CVE-2022-1679

This repository contains a detection and mitigation script for CVE-2022-1679, a use-after-free flaw in the Linux kernel's ath9k driver. The script checks if the vulnerable module is blacklisted and offers to apply the mitigation.

Classification
Scanner 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Linux kernel with ath9k driver
Auth required
Prerequisites: Local access to the system · Root privileges to apply mitigation
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER
by EkamSinghWalia · poc
https://github.com/EkamSinghWalia/-Detection-and-Mitigation-for-CVE-2022-1679

This repository contains a detection and mitigation script for CVE-2022-1679, a use-after-free flaw in the Linux kernel's Atheros wireless adapter driver. The script checks if the vulnerable module is blacklisted and offers to apply the mitigation.

Classification
Scanner 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Linux kernel with ath9k driver
Auth required
Prerequisites: Local access to the system · Root privileges to modify /etc/modprobe.d/blacklist.conf
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html

Scores

CVSS v3 7.8
EPSS 0.0080
EPSS Percentile 51.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (10)
debian/debian_linux 10.0
linux/linux_kernel 2.6.35 - 4.14.291
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500e_firmware
netapp/h500s_firmware
netapp/h700e_firmware
netapp/h700s_firmware
Published May 16, 2022
Tracked Since Feb 18, 2026