CVE-2022-49479

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49479

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49479.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-49479

Downstream

DEBIAN-CVE-2022-49479

SUSE-SU-2025:1176-1

SUSE-SU-2025:1241-1

UBUNTU-CVE-2022-49479

Related

Published

2025-02-26T02:13:20Z

Modified

2025-10-15T21:56:13.436793Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

mt76: fix tx status related use-after-free race on station removal

Details

In the Linux kernel, the following vulnerability has been resolved:

mt76: fix tx status related use-after-free race on station removal

There is a small race window where ongoing tx activity can lead to a skb getting added to the status tracking idr after that idr has already been cleaned up, which will keep the wcid linked in the status poll list. Fix this by only adding status skbs if the wcid pointer is still assigned in dev->wcid, which gets cleared early by mt76staprercuremove

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

bd1e3e7b693c17a04e7d2bd9119daa482b7c7720

Fixed

ef7f9f894cfd0b2e471206409a529af4a26ddd55

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

bd1e3e7b693c17a04e7d2bd9119daa482b7c7720

Fixed

ddd426d72aca4054045a9bd3b80a4ce1d398f11f

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

bd1e3e7b693c17a04e7d2bd9119daa482b7c7720

Fixed

fcfe1b5e162bf473c1d47760962cec8523c00466

Affected versions

v5.*

v5.15

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.17.1

v5.17.10

v5.17.11

v5.17.12

v5.17.13

v5.17.2

v5.17.3

v5.17.4

v5.17.5

v5.17.6

v5.17.7

v5.17.8

v5.17.9

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.18.1

v5.18.2

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.17.14

Type: ECOSYSTEM
Events: Introduced

5.18.0

Fixed

5.18.3