CVE-2022-49479 – This is a use-after-free vulnerability in the L... (How to Fix)

📋 TL;DR

This is a use-after-free vulnerability in the Linux kernel's mt76 wireless driver that occurs during station removal. It allows attackers with local access to potentially cause kernel crashes or execute arbitrary code. Systems using affected mt76 wireless drivers are vulnerable.

💻 Affected Systems

Products:

Linux kernel with mt76 wireless driver

Versions: Linux kernel versions before the fix commits

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems using mt76 wireless drivers (MediaTek Wi-Fi chipsets)

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to full system compromise via kernel code execution

🟠

Likely Case

Kernel panic or system crash causing denial of service

🟢

If Mitigated

Limited to denial of service if kernel hardening features are enabled

🌐 Internet-Facing: LOW - Requires local access to exploit

🏢 Internal Only: MEDIUM - Local attackers or malicious insiders could exploit this

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and knowledge of wireless station management

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits ddd426d72aca, ef7f9f894cfd, or fcfe1b5e162b

Vendor Advisory: https://git.kernel.org/stable/c/ddd426d72aca4054045a9bd3b80a4ce1d398f11f

Restart Required: No

Instructions:

1. Update Linux kernel to version containing the fix commits
2. Rebuild kernel if using custom kernel
3. Load updated kernel module

🔧 Temporary Workarounds

Disable mt76 driver

all

Remove or blacklist the vulnerable mt76 kernel module

echo 'blacklist mt76' >> /etc/modprobe.d/blacklist-mt76.conf
rmmod mt76

🧯 If You Can't Patch

Restrict local user access to systems with vulnerable drivers
Implement kernel hardening features like KASLR and SMEP/SMAP

🔍 How to Verify

Check if Vulnerable:

Check if mt76 module is loaded: lsmod | grep mt76

Check Version:

uname -r

Verify Fix Applied:

Check kernel version includes fix commits: uname -r and verify with git log

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Oops messages in dmesg
System crashes

Network Indicators:

Unusual wireless station disconnections

SIEM Query:

search 'kernel panic' OR 'Oops' OR 'general protection fault' in system logs

📊 Metadata

CVE ID: CVE-2022-49479

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.04% exploit probability (10.4th percentile)

Published: February 26, 2025

Last Updated: March 24, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-49479, you might also want to check these: