{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T15:35:41.761","vulnerabilities":[{"cve":{"id":"CVE-2022-49479","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-02-26T07:01:24.153","lastModified":"2025-03-24T19:59:14.917","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: fix tx status related use-after-free race on station removal\n\nThere is a small race window where ongoing tx activity can lead to a skb\ngetting added to the status tracking idr after that idr has already been\ncleaned up, which will keep the wcid linked in the status poll list.\nFix this by only adding status skbs if the wcid pointer is still assigned\nin dev->wcid, which gets cleared early by mt76_sta_pre_rcu_remove"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mt76: se corrige la ejecución de use-after-free relacionada con el estado de la tx al eliminar la estación. Hay una pequeña ventana de ejecución donde la actividad de tx en curso puede provocar que se agregue un skb al idr de seguimiento de estado después de que ese idr ya se haya limpiado, lo que mantendrá el wcid vinculado en la lista de sondeo de estado. Solucione esto agregando skbs de estado solo si el puntero wcid aún está asignado en dev->wcid, que se limpia antes con mt76_sta_pre_rcu_remove"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"5.17.14","matchCriteriaId":"15E2DD33-2255-4B76-9C15-04FF8CBAB252"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"5.18.3","matchCriteriaId":"8E122216-2E9E-4B3E-B7B8-D575A45BA3C2"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ddd426d72aca4054045a9bd3b80a4ce1d398f11f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ef7f9f894cfd0b2e471206409a529af4a26ddd55","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/fcfe1b5e162bf473c1d47760962cec8523c00466","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}