CVE-2022-49934

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-49934
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49934.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-49934
Downstream
Related
Published
2025-06-18T10:54:36.161Z
Modified
2026-05-15T04:05:49.677259569Z
Summary
wifi: mac80211: Fix UAF in ieee80211_scan_rx()
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: Fix UAF in ieee80211scanrx()

ieee80211scanrx() tries to access scan_req->flags after a null check, but a UAF is observed when the scan is completed and _ieee80211scancompleted() executes, which then calls cfg80211scandone() leading to the freeing of scanreq.

Since scanreq is rcudereference()'d, prevent the racing in __ieee80211scancompleted() by ensuring that from mac80211's POV it is no longer accessed from an RCU read critical section before we call cfg80211scandone().

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49934.json"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.19.0
Fixed
4.9.330
Type
ECOSYSTEM
Events
Introduced
4.10.0
Fixed
4.14.295
Type
ECOSYSTEM
Events
Introduced
4.15.0
Fixed
4.19.260
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.215
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.142
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.66
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
5.19.8

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49934.json"