We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-49934

wifi: mac80211: Fix UAF in ieee80211_scan_rx()



Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix UAF in ieee80211_scan_rx() ieee80211_scan_rx() tries to access scan_req->flags after a null check, but a UAF is observed when the scan is completed and __ieee80211_scan_completed() executes, which then calls cfg80211_scan_done() leading to the freeing of scan_req. Since scan_req is rcu_dereference()'d, prevent the racing in __ieee80211_scan_completed() by ensuring that from mac80211's POV it is no longer accessed from an RCU read critical section before we call cfg80211_scan_done().

Reserved 2025-05-01 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 6eb181a64fdabf10be9e54de728876667da20255
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before e0ff39448cea654843744c72c6780293c5082cb1
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 78a07732fbb0934d14827d8f09b9aa6a49ee1aa9
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 9ad48cbf8b07f10c1e4a7a262b32a9179ae9dd2d
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 4abc8c07a065ecf771827bde3c63fbbe4aa0c08b
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 5d20c6f932f2758078d0454729129c894fe353e7
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before c0445feb80a4d0854898118fa01073701f8d356b
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 60deb9f10eec5c6a20252ed36238b55d8b614a2c
affected

Default status
affected

4.9.330
unaffected

4.14.295
unaffected

4.19.260
unaffected

5.4.215
unaffected

5.10.142
unaffected

5.15.66
unaffected

5.19.8
unaffected

6.0
unaffected

References

git.kernel.org/...c/6eb181a64fdabf10be9e54de728876667da20255

git.kernel.org/...c/e0ff39448cea654843744c72c6780293c5082cb1

git.kernel.org/...c/78a07732fbb0934d14827d8f09b9aa6a49ee1aa9

git.kernel.org/...c/9ad48cbf8b07f10c1e4a7a262b32a9179ae9dd2d

git.kernel.org/...c/4abc8c07a065ecf771827bde3c63fbbe4aa0c08b

git.kernel.org/...c/5d20c6f932f2758078d0454729129c894fe353e7

git.kernel.org/...c/c0445feb80a4d0854898118fa01073701f8d356b

git.kernel.org/...c/60deb9f10eec5c6a20252ed36238b55d8b614a2c

cve.org (CVE-2022-49934)

nvd.nist.gov (CVE-2022-49934)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2022-49934

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.