CVE-2022-49876

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A general-protection-fault issue occurs in the Linux kernel when the interface status is changed while the device is running. This issue is triggered by a race condition between two threads, where one thread sets sdata->bss to NULL while the other thread is still accessing sdata->bss->multicast to unicast. The problem arises because the sending queue continues to send packets after the interface status has been changed, leading to a null pointer dereference. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations As a temporary workaround, consider disabling the ieee80211 subif start xmit() function until a patch is available. Restrict access to the vulnerable mac80211 module to minimize the risk of exploitation. Avoid using the sdata->bss variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.