CVE-2022-49328

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 26, 2025
Updated: Feb 27, 2025
CWE ID 416

Summary

CVE-2022-49328 is a use-after-free vulnerability in the Linux kernel that has been fixed. The flaw is in the 'mt76' driver's 'mt76_txq_schedule' function. KASAN detected a read from memory that had already been freed: the memory was allocated in 'sta_info_alloc' and later released in 'sta_info_free'. KASAN reported the faulting read in task 'mt76-tx phy0/883', at 'mt76_txq_schedule+0x204'. The invalid access led to a kernel panic. The fix removes the non-RCU wcid pointer used in 'mt76_txq_schedule' and protects 'mtxq->wcid' with 'rcu_lock' between 'mt76_txq_schedule' and 'sta_info_[alloc, free]'.
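The pattern behind the fix, as an added userspace example (not mt76 or kernel code; every name is hypothetical): the queue holds an index instead of a raw pointer, the scheduler resolves it inside a read section, and teardown unpublishes the entry and defers the free until readers are done. A single-threaded reader counter stands in for the RCU grace period.

```c
#include <stdlib.h>

/* Userspace model, not kernel code: all names are hypothetical. */
#define MAX_WCID 8
struct wcid { int idx; int tx_pending; };
struct txq  { int wcid_idx; };            /* index, not a raw struct wcid * */

static struct wcid *wcid_table[MAX_WCID]; /* stands in for the RCU-protected table */
static struct wcid *deferred[MAX_WCID];   /* unpublished, waiting for readers */
static int n_deferred, readers, freed_count;

static void read_lock(void) { readers++; }

static void reclaim(void) {               /* toy grace period: no readers left */
    while (readers == 0 && n_deferred > 0) {
        free(deferred[--n_deferred]);
        freed_count++;
    }
}

static void read_unlock(void) { readers--; reclaim(); }

static struct txq sta_alloc(int idx) {
    struct wcid *w = calloc(1, sizeof(*w));
    if (!w) abort();
    w->idx = idx;
    w->tx_pending = 3;                    /* constructed sample value */
    wcid_table[idx] = w;                  /* publish */
    return (struct txq){ .wcid_idx = idx };
}

static void sta_free(int idx) {
    struct wcid *w = wcid_table[idx];
    wcid_table[idx] = NULL;               /* unpublish first */
    if (w) deferred[n_deferred++] = w;    /* free only after readers finish */
    reclaim();
}

/* Scheduler: resolve the index inside the read section; skip if the station
 * is gone. Returns frames pending, or -1 when the wcid no longer exists. */
static int txq_schedule(const struct txq *q, int free_during) {
    int ret = -1;
    read_lock();
    struct wcid *w = wcid_table[q->wcid_idx];
    if (free_during) sta_free(q->wcid_idx); /* simulated concurrent teardown */
    if (w) ret = w->tx_pending;             /* still valid: free was deferred */
    read_unlock();
    return ret;
}
```
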
