CVE-2022-49479

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free race condition exists in the Linux kernel, specifically in the mt76 module, related to tx status on station removal. There is a small window where ongoing tx activity can lead to a skb being added to the status tracking idr after it has been cleaned up, keeping the wcid linked in the status poll list. This issue occurs due to the timing of when the wcid pointer is cleared in dev->wcid during mt76 sta pre rcu remove.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.