Cyber Resilience

CVE-2022-49129

High

Published: 26 February 2025

Modified: 25 March 2025
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (7.2th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-49129 is a high-severity Use After Free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 7.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-11 (Error Handling).

Deeper analysis

CVE-2022-49129 is a use-after-free vulnerability (CWE-416) in the Linux kernel's mt76 driver for the mt7921 WiFi chipset. The flaw arises when the network interface card (NIC) fails to start, potentially leaving a scheduled reset_work item uncanceled. This can lead to a use-after-free crash if cleanup is invoked before the work item executes.

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, score 7.8). Successful exploitation could result in high impacts to confidentiality, integrity, and availability, such as system crashes or potentially more severe compromise.

Kernel stable patches resolve the issue by ensuring the reset_work item is canceled before cleanup. Relevant commits include https://git.kernel.org/stable/c/38fbe806645090c07aa97171f20fc62c3d7d3a98, https://git.kernel.org/stable/c/827e7799c61b978fbc2cc9dac66cb62401b2b3f0, https://git.kernel.org/stable/c/ac1260b661c2ef0d0a56680cdb5672b931b7be8f, and https://git.kernel.org/stable/c/c1a5e6002ec441a3b9fb4d048b4b49ae93409a46.

The patch prevents OS crashes on an x86_64 APU2 system with an mt7921k radio during startup failures, though the radio itself may still fail to operate.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix crash when startup fails. If the nic fails to start, it is possible that the reset_work has already been scheduled. Ensure the work item is canceled so we do not have use-after-free crash in case cleanup is called before the work item is executed. This fixes crash on my x86_64 apu2 when mt7921k radio fails to work. Radio still fails, but OS does not crash.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Local kernel use-after-free enables privilege escalation via exploitation (T1068) and system crashes via targeted exploitation (T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31419: Same product: Linux Linux Kernel
CVE-2025-21883: Same product: Linux Linux Kernel
CVE-2022-49196: Same product: Linux Linux Kernel
CVE-2026-43056: Same product: Linux Linux Kernel
CVE-2025-21791: Same product: Linux Linux Kernel
CVE-2025-21751: Same product: Linux Linux Kernel
CVE-2026-31511: Same product: Linux Linux Kernel
CVE-2026-23171: Same product: Linux Linux Kernel
CVE-2026-31580: Same product: Linux Linux Kernel
CVE-2023-53023: Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
4.16 — 5.15.34 · 5.16 — 5.16.20 · 5.17 — 5.17.3
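
A triage check for the version ranges listed above, as an added example that is not part of the original advisory: it tests a `uname -r` string against those ranges and looks for a loaded mt7921 module in `/proc/modules` text. The inclusive upper bounds, the `mt7921` module-name prefix, the function names and the sample input are assumptions; distribution kernels often backport fixes, so a match is a prompt to check the vendor's kernel advisory rather than proof of exposure.

```python
import re

# Ranges copied from "Affected Assets" on this page: (first, last) per branch.
LISTED_RANGES = [
    ((4, 16, 0), (5, 15, 34)),
    ((5, 16, 0), (5, 16, 20)),
    ((5, 17, 0), (5, 17, 3)),
]

def parse_release(release):
    """Turn a `uname -r` string such as '5.15.0-91-generic' into (5, 15, 0)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if m is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(part or 0) for part in m.groups())

def in_listed_range(release, upper_inclusive=True):
    """Assumption: the page does not say whether the upper bounds are
    inclusive, so the default is the conservative reading (inclusive)."""
    v = parse_release(release)
    for low, high in LISTED_RANGES:
        if low <= v < high or (upper_inclusive and v == high):
            return True
    return False

def mt7921_modules(proc_modules_text):
    """Names of loaded modules whose name starts with 'mt7921'
    (assumed prefix; the first field of each /proc/modules line is the name)."""
    names = (line.split()[0] for line in proc_modules_text.splitlines() if line.strip())
    return sorted(n for n in names if n.startswith("mt7921"))

def triage(release, proc_modules_text):
    if not in_listed_range(release):
        return "not-listed"
    if mt7921_modules(proc_modules_text):
        return "listed-driver-loaded"   # prioritise: check vendor kernel advisory
    return "listed-driver-absent"       # still patch; lower urgency

# Constructed sample input, not taken from a real host.
SAMPLE_MODULES = """\
mt7921e 94208 0 - Live 0x0000000000000000
mt76 118784 1 mt7921e, Live 0x0000000000000000
e1000e 319488 0 - Live 0x0000000000000000
"""

if __name__ == "__main__":
    for rel in ("5.15.0-91-generic", "5.16.20", "5.17.4-arch1", "6.1.0"):
        print(rel, triage(rel, SAMPLE_MODULES))
```
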

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly remediates the use-after-free vulnerability by applying kernel patches that cancel the scheduled reset_work item before cleanup during mt7921 NIC startup failures.

prevent

Implements memory safeguards like ASLR and DEP to mitigate exploitation of the use-after-free in the mt76 driver even if the flaw remains unpatched.

prevent

Enforces secure error handling during device startup failures to prevent scenarios where scheduled work items are not canceled, avoiding the use-after-free condition.

References