U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2022-49416 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free in chanctx code In ieee80211_vif_use_reserved_context(), when we have an old context and the new context's replace_state is set to IEEE80211_CHANCTX_REPLACE_NONE, we free the old context in ieee80211_vif_use_reserved_reassign(). Therefore, we cannot check the old_ctx anymore, so we should set it to NULL after this point. However, since the new_ctx replace state is clearly not IEEE80211_CHANCTX_REPLACES_OTHER, we're not going to do anything else in this function and can just return to avoid accessing the freed old_ctx.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/265bec4779a38b65e86a25120370f200822dfa76 Patch 
https://git.kernel.org/stable/c/2965c4cdf7ad9ce0796fac5e57debb9519ea721e Patch 
https://git.kernel.org/stable/c/4ba81e794f0fad6234f644c2da1ae14d5b95e1c4 Patch 
https://git.kernel.org/stable/c/4f05a9e15edcdf5b97e0d86ab6ecd5f187289f6c Patch 
https://git.kernel.org/stable/c/6118bbdf69f4718b02d26bbcf2e497eb66004331 Patch 
https://git.kernel.org/stable/c/82c8e7bbdd06c7ed58e22450cc5b37f33a25bb2c Patch 
https://git.kernel.org/stable/c/88cc8f963febe192d6ded9df7217f92f380b449a Patch 
https://git.kernel.org/stable/c/9f1e5cc85ad77e52f54049a94db0407445ae2a34 Patch 
https://git.kernel.org/stable/c/b79110f2bf6022e60e590d2e094728a8eec3e79e Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-416 Use After Free CISA-ADP  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2022-49416
NVD Published Date:
02/26/2025
NVD Last Modified:
03/24/2025
Source:
kernel.org