CVE-2022-49416

Summary

CVE-2022-44916 is a vulnerability affecting the Linux kernel's mac80211 component. In the function ieee80211_vif_use_reserved_context(), the freeing of an old context before checking its state can lead to a use-after-free condition. This occurs when the replace state of the new context is set to IEEE80211_CHANCTX_REPLACE_NONE, causing the old context to be freed in ieee80211_vif_use_reserved_reassign(). After this point, the old context should be set to NULL, but it is not, leaving it susceptible to unintended access. However, since the new context's replace state is not IEEE80211_CHANCTX_REPLACES_OTHER, no further actions are taken in this function, minimizing the potential impact.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.