Sean Wang

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.10.100-fix-510-56778d365941-kasan **Description** A use-after-free issue has been identified in the Linux kernel, specifically in the mt76 module. The issue arises from the `mt76 txq schedule` function accessing a pointer to `wcid` after it has been freed. This is caught by the KASAN (Kernel Address Sanitizer) tool. The issue is related to the protection of `mtxq->wcid` with `rcu lock` between `mt76 txq schedule` and `sta info [alloc, free]`. **Recommendations** For Linux kernel versions prior to 5.10.100-fix-510-56778d365941-kasan, consider applying the fix that removes the non-RCU `wcid` pointer to resolve the use-after-free issue. As a temporary workaround, consider restricting access to the vulnerable `mt76 txq schedule` function until a patch is available.