CVE-2022-49129
Published: 26 February 2025
Summary
CVE-2022-49129 is a high-severity use-after-free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 7.2 percentile for exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-11 (Error Handling).
Deeper analysis
CVE-2022-49129 is a use-after-free vulnerability (CWE-416) in the Linux kernel's mt76 driver for the mt7921 Wi-Fi chipset. The flaw arises when the network interface card (NIC) fails to start while a reset_work item has already been scheduled and is left uncanceled. If the driver's cleanup path then frees the device state before the work item runs, the work item touches freed memory and the kernel crashes.
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, score 7.8). Successful exploitation could result in high impacts to confidentiality, integrity, and availability, such as system crashes or potentially more severe compromise.
Kernel stable patches resolve the issue by ensuring the reset_work item is canceled before cleanup. Relevant commits include https://git.kernel.org/stable/c/38fbe806645090c07aa97171f20fc62c3d7d3a98, https://git.kernel.org/stable/c/827e7799c61b978fbc2cc9dac66cb62401b2b3f0, https://git.kernel.org/stable/c/ac1260b661c2ef0d0a56680cdb5672b931b7be8f, and https://git.kernel.org/stable/c/c1a5e6002ec441a3b9fb4d048b4b49ae93409a46.
The patch prevents OS crashes on an x86_64 APU2 system with an mt7921k radio during startup failures, though the radio itself may still fail to operate.
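The ordering bug described above, as an added C model that is not the mt76 driver's code: a constructed single-slot stand-in for the kernel workqueue, a vulnerable cleanup that frees the device object while reset_work is still queued, and the fixed cleanup that cancels the work first (the role cancel_work_sync plays in the real kernel). All struct and function names here are illustrative assumptions, not driver identifiers.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-in for a kernel workqueue with a single deferred slot. */
struct work_item {
    void (*fn)(void *ctx);
    void *ctx;
    bool pending;
};

static struct work_item queue;   /* the one queued item, if any */

/* Stand-in for the driver's per-device state (illustrative, not the real struct). */
struct dev_state {
    bool freed;    /* models kfree(): set once the object is gone */
    int resets;    /* how many times reset work ran against it */
};

static void schedule_work_sim(void (*fn)(void *), void *ctx) {
    queue.fn = fn; queue.ctx = ctx; queue.pending = true;
}

/* Equivalent of cancel_work_sync(): nothing queued may run afterwards. */
static void cancel_work_sync_sim(void) { queue.pending = false; }

static void reset_work_fn(void *ctx) { ((struct dev_state *)ctx)->resets++; }

/* Startup path: reset work is queued before the driver learns that start failed. */
static void startup_fails(struct dev_state *d) { schedule_work_sim(reset_work_fn, d); }

/* Vulnerable shape: the object is freed while reset_work still points at it. */
static void cleanup_vulnerable(struct dev_state *d) { d->freed = true; }

/* Fixed shape: cancel the pending work item, then free the object. */
static void cleanup_fixed(struct dev_state *d) { cancel_work_sync_sim(); d->freed = true; }

/* Returns 1 if queued work would run against a freed object (the UAF condition). */
static int pending_work_on_freed_object(void) {
    if (!queue.pending) return 0;
    return ((struct dev_state *)queue.ctx)->freed ? 1 : 0;
}

/* Each scenario starts from an empty queue and reports the UAF condition. */
int run_vulnerable(void) {
    struct dev_state d = { false, 0 };
    cancel_work_sync_sim(); startup_fails(&d); cleanup_vulnerable(&d);
    return pending_work_on_freed_object();
}

int run_fixed(void) {
    struct dev_state d = { false, 0 };
    cancel_work_sync_sim(); startup_fails(&d); cleanup_fixed(&d);
    return pending_work_on_freed_object();
}
```

The check is the one a reviewer applies to any driver teardown: every work item the probe path can schedule must be cancelled on every failure path that frees the object it refers to.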
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-54483
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix crash when startup fails. If the nic fails to start, it is possible that the reset_work has already been scheduled. Ensure the work item is canceled so we do not have use-after-free crash in case cleanup is called before the work item is executed. This fixes crash on my x86_64 apu2 when mt7921k radio fails to work. Radio still fails, but OS does not crash.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A locally triggerable kernel use-after-free can be leveraged for privilege escalation (T1068) and for system crashes, i.e. denial of service through targeted exploitation (T1499.004).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly remediates the use-after-free by applying the kernel patches that cancel the scheduled reset_work item before cleanup when mt7921 NIC startup fails.
- SI-16 (Memory Protection): Implements memory safeguards such as ASLR and DEP to raise the cost of exploiting the use-after-free in the mt76 driver while the flaw remains unpatched.
- SI-11 (Error Handling): Enforces secure error handling during device startup failures so that scheduled work items are always canceled on the failure path, avoiding the use-after-free condition.