CVE-2022-49129
Published: 26 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix crash when startup fails. If the NIC fails to start, it is possible that the reset_work has already been scheduled. Ensure the work item is canceled so we do not have a use-after-free crash in case cleanup is called before the work item is executed. This fixes a crash on my x86_64 apu2 when the mt7921k radio fails to work. The radio still fails, but the OS does not crash.
Security Summary
CVE-2022-49129 is a use-after-free vulnerability (CWE-416) in the Linux kernel's mt76 driver for the mt7921 WiFi chipset. The flaw arises when the network interface card (NIC) fails to start, potentially leaving a scheduled reset_work item uncanceled. This can lead to a use-after-free crash if cleanup is invoked before the work item executes.
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, score 7.8). Successful exploitation could result in high impacts to confidentiality, integrity, and availability, such as system crashes or potentially more severe compromise.
Kernel stable patches resolve the issue by ensuring the reset_work item is canceled before cleanup. Relevant commits include https://git.kernel.org/stable/c/38fbe806645090c07aa97171f20fc62c3d7d3a98, https://git.kernel.org/stable/c/827e7799c61b978fbc2cc9dac66cb62401b2b3f0, https://git.kernel.org/stable/c/ac1260b661c2ef0d0a56680cdb5672b931b7be8f, and https://git.kernel.org/stable/c/c1a5e6002ec441a3b9fb4d048b4b49ae93409a46.
The patch prevents OS crashes on an x86_64 APU2 system with an mt7921k radio during startup failures, though the radio itself may still fail to operate.
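The race described in the summary above (a work item queued during a failed startup that outlives the device it points to) is easy to see in a userspace model. The block below is an added illustration, not kernel or mt76 code: `sim_schedule_work`, `sim_cancel_work_sync`, `sim_dev` and `run_scenario` are assumed names that mimic the kernel's `schedule_work()`/`cancel_work_sync()` pattern, and the `freed` flag plus `uaf_hits` counter stand in for what KASAN would report when the late-running work touches released memory. Running the same startup-failure path with and without the cancel shows why the fix commits listed above place `cancel_work_sync` before cleanup.

```c
/* Added example, not kernel code: models the CVE-2022-49129 race in userspace. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

struct sim_work {
    void (*fn)(struct sim_work *);
    bool pending;
};

/* Tiny FIFO workqueue, enough to model "reset_work is already queued". */
static struct sim_work *queue[4];
static int queued;

static void sim_schedule_work(struct sim_work *w)
{
    if (w->pending)            /* as in the kernel, re-scheduling a pending item is a no-op */
        return;
    w->pending = true;
    queue[queued++] = w;
}

/* Dequeue w; returns true if it was pending, like cancel_work_sync(). */
static bool sim_cancel_work_sync(struct sim_work *w)
{
    for (int i = 0; i < queued; i++) {
        if (queue[i] == w) {
            for (int j = i; j + 1 < queued; j++)
                queue[j] = queue[j + 1];
            queued--;
            w->pending = false;
            return true;
        }
    }
    return false;
}

/* The workqueue thread catching up later: run everything still queued. */
static int sim_run_pending_work(void)
{
    int ran = 0;
    while (queued > 0) {
        struct sim_work *w = queue[0];
        sim_cancel_work_sync(w);   /* dequeue, then run */
        w->fn(w);
        ran++;
    }
    return ran;
}

struct sim_dev {
    struct sim_work reset_work;
    bool freed;   /* stands in for the allocator having released the object */
    int resets;
};

static int uaf_hits;   /* work runs that touched a freed device (what KASAN would flag) */

static void reset_work_fn(struct sim_work *w)
{
    struct sim_dev *dev = container_of(w, struct sim_dev, reset_work);
    if (dev->freed) {
        uaf_hits++;          /* a real driver would dereference freed memory here */
        return;
    }
    dev->resets++;
}

/* Startup that fails after the reset handler has already been queued. */
static int sim_startup(struct sim_dev *dev)
{
    sim_schedule_work(&dev->reset_work);
    return -1;               /* the radio failed to come up */
}

/* Cleanup as in the vulnerable driver (no cancel) or the patched one (cancel first). */
static void sim_cleanup(struct sim_dev *dev, bool cancel_first)
{
    if (cancel_first)
        sim_cancel_work_sync(&dev->reset_work);
    dev->freed = true;
}

/* One startup/cleanup cycle; returns how many use-after-free hits were observed. */
int run_scenario(bool cancel_first)
{
    static struct sim_dev dev;   /* static so the "freed" object stays addressable by the model */
    struct sim_dev fresh = { .reset_work = { .fn = reset_work_fn } };
    dev = fresh;
    uaf_hits = 0;
    queued = 0;
    if (sim_startup(&dev) < 0)
        sim_cleanup(&dev, cancel_first);
    sim_run_pending_work();
    return uaf_hits;
}

int main(void)
{
    printf("without cancel: %d use-after-free hit(s)\n", run_scenario(false));
    printf("with cancel:    %d use-after-free hit(s)\n", run_scenario(true));
    return 0;
}
```

The vulnerable ordering reports one hit because the queued `reset_work` still points at the device after cleanup released it; the patched ordering reports none. The same check applies to any driver teardown path: every work item, timer or delayed work that can reference the object must be cancelled synchronously before the object is freed.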
Details
- CWE(s): CWE-416 (Use After Free)