CVE-2022-49129: Vulnerability in Linux Linux

Severity: High
Published: Wed Feb 26 2025 (02/26/2025, 01:55:05 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix crash when startup fails. If the nic fails to start, it is possible that the reset_work has already been scheduled. Ensure the work item is canceled so we do not have use-after-free crash in case cleanup is called before the work item is executed. This fixes crash on my x86_64 apu2 when mt7921k radio fails to work. Radio still fails, but OS does not crash.

AI-Powered Analysis

Last updated: 07/03/2025, 02:27:28 UTC

Technical Analysis

CVE-2022-49129 is a high-severity vulnerability in the Linux kernel's mt76 wireless driver, specifically its support for the mt7921 chipset. It arises from improper handling of the reset_work item when the network interface card (NIC) fails to start. reset_work is a scheduled work item intended to reset the device, and it may already be queued when NIC startup fails. If the cleanup routine is invoked before the scheduled work executes and the work item has not been canceled, the work later runs against state that cleanup has already released, which is a use-after-free condition. This can crash the Linux kernel, resulting in a denial of service. The issue was observed on an x86_64 apu2 platform where the mt7921k radio fails to initialize correctly. The patch does not fix the radio failure itself, but it prevents the kernel crash, improving system stability. The vulnerability is categorized under CWE-416 (Use After Free), meaning memory is accessed after it has been freed, which can lead to unpredictable behavior including crashes or potential escalation of privileges if exploited. The CVSS v3.1 base score is 7.8, reflecting high severity with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: the attack requires local access with low complexity, low privileges, and no user interaction, and it significantly impacts confidentiality, integrity, and availability. No known exploits are currently reported in the wild. The vulnerability affects Linux kernel versions that contain the vulnerable mt76 driver code prior to the patch. The fix ensures that the scheduled work item is canceled, so that no use-after-free can occur during the NIC startup failure and cleanup sequence.
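
The lifetime problem described above can be reproduced safely in userspace. The following is an added example, not the mt76 driver's code: every type and function name in it is constructed for illustration, a `freed` flag stands in for releasing the device, and `cancel_item()` models a synchronous cancel such as the kernel's `cancel_work_sync()`.

```c
/* Userspace model: a device embeds a deferred work item (standing in for
 * reset_work) and a queue keeps a pointer to it. Constructed names only. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct work { void (*fn)(struct work *); bool pending; };
struct dev  { struct work reset_work; bool freed; int resets; int stale_runs; };

static struct work *queue[4];
static size_t queued;

static void queue_item(struct work *w) {
    if (!w->pending && queued < 4) { w->pending = true; queue[queued++] = w; }
}

/* Remove the item from the queue so it can never run after teardown. */
static bool cancel_item(struct work *w) {
    for (size_t i = 0; i < queued; i++)
        if (queue[i] == w) { queue[i] = queue[--queued]; w->pending = false; return true; }
    return false;
}

static void run_pending(void) {
    while (queued) { struct work *w = queue[--queued]; w->pending = false; w->fn(w); }
}

static void reset_fn(struct work *w) {
    /* Recover the containing device, as container_of() does in the kernel. */
    struct dev *d = (struct dev *)((char *)w - offsetof(struct dev, reset_work));
    if (d->freed) d->stale_runs++;   /* in the kernel this is the use-after-free */
    else d->resets++;
}

/* Startup fails after the reset was queued; cleanup runs before the worker. */
static int failed_start(bool cancel_in_cleanup) {
    struct dev d = { .reset_work = { .fn = reset_fn } };
    queued = 0;
    queue_item(&d.reset_work);                  /* failure path scheduled a reset */
    if (cancel_in_cleanup) cancel_item(&d.reset_work);
    d.freed = true;                             /* models freeing the device */
    run_pending();                              /* worker finally gets its turn */
    return d.stale_runs;                        /* work runs that hit freed state */
}

int main(void) {
    printf("cleanup without cancel: %d stale run(s)\n", failed_start(false));
    printf("cleanup with cancel:    %d stale run(s)\n", failed_start(true));
    return 0;
}
```
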

Potential Impact

For European organizations relying on Linux-based systems with wireless hardware using the mt7921 chipset, this vulnerability poses a risk of system instability and denial of service due to kernel crashes. This can disrupt critical services, especially in environments where wireless connectivity is essential, such as enterprise networks, industrial control systems, or public infrastructure. The high impact on confidentiality, integrity, and availability means that attackers with local access could potentially exploit this flaw to crash systems, interrupt operations, or possibly escalate privileges if combined with other vulnerabilities. Although no exploits are known in the wild, the presence of this vulnerability increases the attack surface for insider threats or attackers who have gained limited access. For organizations in sectors such as finance, healthcare, and government within Europe, where Linux servers and devices are prevalent, unpatched systems could face operational disruptions and potential data exposure. The requirement for local access limits remote exploitation but does not eliminate risk in environments where attackers may have physical or remote local user access.

Mitigation Recommendations

European organizations should prioritize applying the Linux kernel patches that address CVE-2022-49129 as soon as they become available from their Linux distribution vendors. Specifically, ensure that the mt76 driver is updated to the fixed version that properly handles the reset_work cancellation. Network administrators should audit systems to identify devices using the mt7921 chipset and verify kernel versions. For systems where immediate patching is not feasible, consider restricting local user access and implementing strict access controls to limit potential attackers' ability to exploit the vulnerability. Monitoring kernel logs for signs of NIC startup failures or unexpected crashes can help detect attempts to trigger this vulnerability. Additionally, organizations should review their wireless hardware inventory and consider hardware replacement or firmware updates if applicable. Employing endpoint protection solutions that can detect anomalous kernel behavior may provide additional defense. Finally, maintain robust incident response plans to quickly address any exploitation attempts.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T01:49:39.266Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d982cc4522896dcbe4fbe

Added to database: 5/21/2025, 9:09:00 AM

Last enriched: 7/3/2025, 2:27:28 AM

Last updated: 8/13/2025, 8:41:55 PM
