← back
CVE-2022-49479

mt76: fix tx status related use-after-free race on station removal

CVSS 7.8 HIGHEPSS 0.2%CWE-416
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Feb 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In the Linux kernel, the following vulnerability has been resolved: mt76: fix tx status related use-after-free race on station removal There is a small race window where ongoing tx activity can lead to a skb getting added to the status tracking idr after that idr has already been cleaned up, which will keep the wcid linked in the status poll list. Fix this by only adding status skbs if the wcid pointer is still assigned in dev->wcid, which gets cleared early by mt76_sta_pre_rcu_remove
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Linux · Linux