CVE-2022-49476: Vulnerability in the Linux kernel (mt76/mt7921)
In the Linux kernel, the following vulnerability has been resolved:

mt76: mt7921: fix kernel crash at mt7921_pci_remove

The crash log shows it is possible that mt7921_irq_handler is called while devm_free_irq is being handled, so mt76_free_device needs to be postponed until devm_free_irq is completed to solve the crash: we free the mt76 device too early.

[ 9299.339655] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 9299.339705] #PF: supervisor read access in kernel mode
[ 9299.339735] #PF: error_code(0x0000) - not-present page
[ 9299.339768] PGD 0 P4D 0
[ 9299.339786] Oops: 0000 [#1] SMP PTI
[ 9299.339812] CPU: 1 PID: 1624 Comm: prepare-suspend Not tainted 5.15.14-1.fc32.qubes.x86_64 #1
[ 9299.339863] Hardware name: Xen HVM domU, BIOS 4.14.3 01/20/2022
[ 9299.339901] RIP: 0010:mt7921_irq_handler+0x1e/0x70 [mt7921e]
[ 9299.340048] RSP: 0018:ffffa81b80c27cb0 EFLAGS: 00010082
[ 9299.340081] RAX: 0000000000000000 RBX: ffff98a4cb752020 RCX: ffffffffa96211c5
[ 9299.340123] RDX: 0000000000000000 RSI: 00000000000d4204 RDI: ffff98a4cb752020
[ 9299.340165] RBP: ffff98a4c28a62a4 R08: ffff98a4c37a96c0 R09: 0000000080150011
[ 9299.340207] R10: 0000000040000000 R11: 0000000000000000 R12: ffff98a4c4eaa080
[ 9299.340249] R13: ffff98a4c28a6360 R14: ffff98a4cb752020 R15: ffff98a4c28a6228
[ 9299.340297] FS: 00007260840d3740(0000) GS:ffff98a4ef700000(0000) knlGS:0000000000000000
[ 9299.340345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 9299.340383] CR2: 0000000000000008 CR3: 0000000004c56001 CR4: 0000000000770ee0
[ 9299.340432] PKRU: 55555554
[ 9299.340449] Call Trace:
[ 9299.340467] <TASK>
[ 9299.340485] __free_irq+0x221/0x350
[ 9299.340527] free_irq+0x30/0x70
[ 9299.340553] devm_free_irq+0x55/0x80
[ 9299.340579] mt7921_pci_remove+0x2f/0x40 [mt7921e]
[ 9299.340616] pci_device_remove+0x3b/0xa0
[ 9299.340651] __device_release_driver+0x17a/0x240
[ 9299.340686] device_driver_detach+0x3c/0xa0
[ 9299.340714] unbind_store+0x113/0x130
[ 9299.340740] kernfs_fop_write_iter+0x124/0x1b0
[ 9299.340775] new_sync_write+0x15c/0x1f0
[ 9299.340806] vfs_write+0x1d2/0x270
[ 9299.340831] ksys_write+0x67/0xe0
[ 9299.340857] do_syscall_64+0x3b/0x90
[ 9299.340887] entry_SYSCALL_64_after_hwframe+0x44/0xae
AI Analysis
Technical Summary
CVE-2022-49476 is a teardown-ordering bug in the Linux kernel's mt76 wireless subsystem, specifically in mt7921e, the PCI driver for the MediaTek MT7921 Wi-Fi chipset. Before the fix, mt7921_pci_remove() freed the mt76 device (mt76_free_device) before releasing the device's interrupt line (devm_free_irq). The interrupt handler, mt7921_irq_handler, can still run after the device has been freed: in the attached oops it is entered from inside __free_irq, i.e. while devm_free_irq is executing, and it reads through a pointer that is already NULL (the faulting address is 0000000000000008, a field 8 bytes into a structure reached via a NULL base pointer, and RAX is 0 in the register dump). The handler being called from __free_irq is consistent with the CONFIG_DEBUG_SHIRQ behaviour, where the core deliberately invokes a shared IRQ's handler one last time during free precisely to expose drivers that tear down their state before releasing the IRQ; without that option the same window is still reachable by a real interrupt arriving on the line during removal. The outcome is a NULL pointer dereference and a kernel oops in the context of whatever process triggered the removal (here a process named prepare-suspend writing to the driver's sysfs unbind file), so the flaw is a use-after-teardown that affects availability rather than a memory-corruption primitive. The fix postpones mt76_free_device until devm_free_irq has completed, so the handler can no longer observe freed state. Affected kernels are those that carry the mt7921e driver without this fix; the report comes from a 5.15.14 Fedora-based Qubes kernel. Note from the Technical Details below that the Linux CNA reserved the CVE ID in February 2025 for a fix that has been in the kernel since 2022, so most currently maintained distribution kernels already contain it. No CVSS score is assigned on this page and no exploitation in the wild is reported.
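The ordering dependency in mt7921_pci_remove, as an added user-space C model that is not mt76 driver code: struct wifi_dev, irq_handler, free_device, free_irq_model and the two remove_* routines are hypothetical stand-ins for mt7921_dev, mt7921_irq_handler, mt76_free_device, devm_free_irq and the pre-/post-fix remove path. The kernel faults; the model returns -1 from the handler where the kernel would oops, so the two orders can be compared with a plain return value.

```c
/*
 * User-space model of the teardown-ordering bug behind CVE-2022-49476.
 * Added example, not mt76 driver code: every name below is a hypothetical
 * stand-in for the kernel function or structure named in the comment.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for the MMIO window the real handler reads interrupt status from. */
struct mmio {
    uint32_t regs[4];
};

/* Stand-in for struct mt7921_dev: the handler reaches the MMIO window through
 * a pointer that the device-free routine tears down. */
struct wifi_dev {
    struct mmio *mmio;      /* NULL once the device has been freed */
    int irq_registered;
};

/* Model of mt7921_irq_handler(): reads interrupt status through dev->mmio.
 * In the kernel a NULL pointer here is the "NULL pointer dereference,
 * address: 0x8" oops; the model reports it as -1 instead of faulting. */
static int irq_handler(struct wifi_dev *dev)
{
    if (dev->mmio == NULL)
        return -1;                              /* the modeled oops */
    return (int)(dev->mmio->regs[2] & 1u);      /* bit 0: "interrupt pending" */
}

/* Model of mt76_free_device(): releases the MMIO window. */
static void free_device(struct wifi_dev *dev)
{
    free(dev->mmio);
    dev->mmio = NULL;
}

/* Model of devm_free_irq()/__free_irq() on a kernel with CONFIG_DEBUG_SHIRQ:
 * the core fires the handler one last time while unregistering, which is the
 * call sitting under __free_irq in the oops trace. Returns the handler's result. */
static int free_irq_model(struct wifi_dev *dev)
{
    int rc = irq_handler(dev);
    dev->irq_registered = 0;
    return rc;
}

/* Model of probe: allocate the device and its MMIO window, register the IRQ. */
static struct wifi_dev *probe_model(void)
{
    struct wifi_dev *dev = calloc(1, sizeof *dev);
    dev->mmio = calloc(1, sizeof *dev->mmio);
    dev->mmio->regs[2] = 0;                     /* no interrupt pending */
    dev->irq_registered = 1;
    return dev;
}

/* Pre-fix order: device freed first, IRQ second; the last handler call sees NULL. */
int remove_vulnerable(void)
{
    struct wifi_dev *dev = probe_model();
    free_device(dev);                           /* mt76_free_device() too early */
    int rc = free_irq_model(dev);               /* handler runs on freed state */
    free(dev);
    return rc;                                  /* -1: the modeled oops */
}

/* Fixed order: IRQ released (and its final handler call made) before the device goes away. */
int remove_fixed(void)
{
    struct wifi_dev *dev = probe_model();
    int rc = free_irq_model(dev);               /* handler still sees a valid device */
    free_device(dev);                           /* now safe */
    free(dev);
    return rc;                                  /* 0: handler completed normally */
}

int main(void)
{
    printf("vulnerable order: handler rc=%d\n", remove_vulnerable());
    printf("fixed order:      handler rc=%d\n", remove_fixed());
    return 0;
}
```

free_irq_model fires the handler once while unregistering, mirroring the CONFIG_DEBUG_SHIRQ test call that appears under __free_irq in the trace; the vulnerable order returns -1 (the modeled oops), the fixed order returns 0. Without DEBUG_SHIRQ the same window exists, it is just hit only when a real interrupt lands between the two calls.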
Potential Impact
For European organizations, the impact of CVE-2022-49476 is confined to availability: a kernel oops on a host that has an MT7921-based Wi-Fi module and a kernel without the fix. The MT7921 is a client chipset, found mainly in laptops, small-form-factor desktops and embedded boards with an M.2 Wi-Fi module rather than in servers, so the exposed population is endpoint and field-device fleets rather than data-centre infrastructure. The crash path is the driver's PCI remove routine, which runs on driver unbind, module unload, device hot-removal and, as in the reported case, during suspend preparation in a Xen HVM guest (Qubes OS) where the passed-through adapter is unbound before sleep. Reaching it requires the ability to unbind the driver or remove the device, which ordinarily means root or physical access, so this is not a remote or unprivileged denial-of-service vector; the realistic effect is unexpected crashes during routine suspend, reboot or driver-reload operations, with the machine left in a half-torn-down state that may need a reboot to recover. For organisations with large laptop estates or unattended devices where suspend/resume and remote maintenance cycles are automated, that translates into lost sessions, failed maintenance windows and support load; in environments where endpoint uptime matters (finance, healthcare, public infrastructure) these are operational rather than security consequences. The flaw does not provide privilege escalation, code execution or information disclosure.
Mitigation Recommendations
To mitigate CVE-2022-49476, European organizations should:
1) Inventory the hosts that actually have the driver in play: those with the mt7921e kernel module loaded or a MediaTek MT7921 PCI device present, and record their running kernel versions. Hosts without the hardware are not affected regardless of kernel version.
2) Confirm the running kernel carries the fix ("mt76: mt7921: fix kernel crash at mt7921_pci_remove") through the distribution's changelog or security tracker rather than by CVE year alone: the ID was reserved in 2025 for a change merged in 2022, so maintained distribution kernels already include it, while hosts frozen on older 5.15-era kernels like the one in the report, or on self-built kernels, are the ones to check. For self-built kernels, backport the upstream change; it is a small reordering of the remove path.
3) Put kernel updates through the normal change process, but test the specific path that crashes: suspend/resume, driver unbind/rebind and module unload on a representative MT7921 machine.
4) Where the Wi-Fi adapter is not needed, blacklist the mt7921e module or disable the device in firmware where the platform allows it; with the driver never bound, the remove path cannot run. This removes Wi-Fi entirely, so it suits docked or wired-only endpoints.
5) Monitor kernel logs for oops messages whose RIP is in mt7921_irq_handler with __free_irq, devm_free_irq and mt7921_pci_remove in the call trace. That signature is a symptom of an unpatched kernel hitting the bug, not evidence of an attack, but it identifies hosts that missed the update.
6) In virtualized setups like the one in the report (Xen HVM domU with the adapter passed through and unbound during suspend preparation), the fix lives in the guest kernel; updating the hypervisor does not address it. Update the guest kernel, and until that is done avoid automated unbind of the adapter before sleep.
7) Brief administrators on the symptom (a crash or hang during suspend or driver reload on MT7921 hosts) and on recovery, which in practice means a reboot followed by the kernel update.
These steps go beyond generic advice by focusing on chipset-specific inventory, verification of the fix, proactive detection and operational continuity.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:08:31.580Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d982ec4522896dcbe5b7b
Added to database: 5/21/2025, 9:09:02 AM
Last enriched: 6/30/2025, 4:24:44 PM
Last updated: 7/31/2025, 5:16:47 PM
Related Threats
- CVE-2025-9091: Hard-coded Credentials in Tenda AC20 (Low)
- CVE-2025-9090: Command Injection in Tenda AC20 (Medium)
- CVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 (Low)
- CVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20 (High)
- CVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20 (High)