CVE-2022-49479

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Feb 26, 2025

Updated: Feb 27, 2025

CWE ID 416

Summary

CVE-2022-49479 is a vulnerability affecting the Linux kernel that has been addressed. This issue involves the mt76 driver, where a use-after-free race condition can occur during station removal. Specifically, if ongoing tx activity causes an skb to be added to the status tracking idr after it has already been cleaned up, then the wcid linked in the status poll list will remain active. This vulnerability has been mitigated by modifying the code to only add status skbs if the wcid pointer is still assigned to the device.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Linux Kernel

Affected Vendors

LINUX

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3uvq5r
https://www.cve.org/CVERecord?id=CVE-2022-49479
https://nvd.nist.gov/vuln/detail/CVE-2022-49479

Back to Vulnerability Database