Use After Free Vulnerability in Linux Kernel Affecting WiFi Functionality
CVE-2022-49934
What is CVE-2022-49934?
A use-after-free vulnerability exists in the Linux kernel's mac80211 subsystem. In the ieee80211_scan_rx() function, scan_req->flags is read after a NULL check, but that check does not stop the read from touching freed memory when a WiFi scan completes in the meantime: __ieee80211_scan_completed() executes and calls cfg80211_scan_done(), which ultimately frees scan_req. To mitigate this issue, scan_req must no longer be accessed from within an RCU read-side critical section by the time cfg80211_scan_done() is called.
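The ordering problem described above, replayed as an added single-threaded C model (not kernel code and not the upstream patch). All struct and function names are stand-ins, the `freed` flag stands in for a real free, and the deferred free models waiting for an RCU grace period.

```c
#include <stdbool.h>
#include <stddef.h>
/* Single-threaded userspace model; all names are stand-ins, not kernel code. */
struct scan_req { unsigned flags; bool freed; };  /* freed = poison marker, no real free() */

struct local {
    struct scan_req *scan_req;  /* models the RCU-published pointer */
    struct scan_req *pending;   /* unpublished, waiting for readers to leave */
    int readers;                /* readers inside a read-side critical section */
};

/* Reader step 1: models rcu_read_lock() + rcu_dereference() + NULL check. */
static struct scan_req *rx_enter(struct local *l)
{
    l->readers++;
    return l->scan_req;
}

/* Reader step 2: models the req->flags read + unlock; true = read hit freed memory. */
static bool rx_read_flags(struct local *l, struct scan_req *req)
{
    bool stale = req && req->freed;
    if (--l->readers == 0 && l->pending) {   /* last reader left: grace period over */
        l->pending->freed = true;
        l->pending = NULL;
    }
    return stale;
}

/* Completion path. wait_for_readers=false frees with a reader still inside. */
static void scan_completed(struct local *l, bool wait_for_readers)
{
    struct scan_req *req = l->scan_req;
    l->scan_req = NULL;                       /* unpublish: new readers see NULL */
    if (wait_for_readers && l->readers > 0)
        l->pending = req;                     /* defer the free until readers drain */
    else
        req->freed = true;                    /* models cfg80211_scan_done() freeing */
}

/* Interleaving: reader passes the NULL check, scan completes, reader reads flags. */
static bool race_hits_freed_memory(bool wait_for_readers)
{
    struct scan_req req = { .flags = 1, .freed = false };
    struct local l = { .scan_req = &req, .pending = NULL, .readers = 0 };
    struct scan_req *seen = rx_enter(&l);
    scan_completed(&l, wait_for_readers);
    return rx_read_flags(&l, seen);
}
```

The NULL check passes in both runs; only the run that waits for in-flight readers before freeing keeps the later flags read safe.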
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6eb181a64fdabf10be9e54de728876667da20255
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 78a07732fbb0934d14827d8f09b9aa6a49ee1aa9