
CVE-2022-49479: Vulnerability in Linux (Linux kernel)

Severity: High
Published: Wed Feb 26 2025 (02/26/2025, 02:13:20 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

mt76: fix tx status related use-after-free race on station removal

There is a small race window where ongoing tx activity can lead to a skb getting added to the status tracking idr after that idr has already been cleaned up, which will keep the wcid linked in the status poll list. Fix this by only adding status skbs if the wcid pointer is still assigned in dev->wcid, which gets cleared early by mt76_sta_pre_rcu_remove.

AI-Powered Analysis

Last updated: 07/03/2025, 03:09:55 UTC

Technical Analysis

CVE-2022-49479 is a high-severity use-after-free (CWE-416) in the Linux kernel's mt76 driver, which serves a range of MediaTek Wi-Fi chipsets. The bug is a race between station removal and in-flight transmit activity. When a station (a wireless peer) is removed, the driver first clears its entry in the dev->wcid table (done early, in mt76_sta_pre_rcu_remove), then cleans up the tx status tracker, then frees the per-station context (the wcid). The tx status tracker is a kernel IDR, an integer-ID-to-pointer map that hands out packet IDs so that hardware completion reports can be matched back to the skb (socket buffer) that was sent. Frames already queued to the station keep a pointer to its wcid, so in the window between the cleanup and the free a completion can add one more skb to the tracker and re-link the wcid into the status poll list. The list now references memory that is freed a moment later, and the next status poll walks that freed object.

The fix is narrow: before tracking a status skb, check that the wcid pointer is still assigned in dev->wcid. Because that slot is cleared at the very start of removal, a late completion sees the cleared slot and refuses to track the skb, so nothing can re-link the wcid after cleanup.

The CVE record identifies the affected kernel range by commit hashes rather than version numbers. The CVSS 3.1 score is 7.8 (high), with high impact on confidentiality, integrity and availability, assessed as local, low-privilege and requiring no user interaction. The realistic outcome of hitting the race is memory corruption leading to a kernel panic or a wedged wireless stack; building privilege escalation on it would additionally require winning a small timing window in kernel context and controlling the contents of the freed allocation, and no exploit has been reported in the wild.
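The ordering described above, replayed as an added user-space model. This is not mt76 driver code: the fixed-size tables, the function names (sta_pre_rcu_remove, status_cleanup, status_skb_add_vulnerable, status_skb_add_fixed) and the "freed" flag standing in for kfree() are assumptions made so the model runs stand-alone. It performs the removal steps the description gives (station slot cleared, status tracker cleaned up, late status add, station freed) and reports whether the tracker still references the freed station.

```c
/* Added example, not mt76 driver code: a user-space model of the race in
 * CVE-2022-49479 and of its fix. The fixed-size tables, the function names
 * (sta_pre_rcu_remove, status_cleanup, status_skb_add_*) and the "freed" flag
 * are assumptions that keep the model runnable; the driver uses an idr,
 * RCU-protected pointers and a real kfree(). */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define N_WCID   4
#define N_STATUS 8

struct wcid {
    int  idx;           /* slot in dev->wcid[] */
    bool on_poll_list;  /* linked into the status poll list */
    bool freed;         /* set instead of free() so the model never reads freed memory */
};
struct skb { struct wcid *wcid; };   /* destination station of the frame */
struct dev {
    struct wcid *wcid[N_WCID];       /* station table, cleared early on removal */
    struct skb  *status[N_STATUS];   /* stand-in for the status-tracking idr */
};
struct outcome { int dangling; bool stale_poll_link; };

/* Removal, stage 1: unlink the station (the job of mt76_sta_pre_rcu_remove). */
static void sta_pre_rcu_remove(struct dev *dev, struct wcid *w)
{
    dev->wcid[w->idx] = NULL;
}

/* Removal, stage 2: drop tracked entries for w and take it off the poll list. */
static void status_cleanup(struct dev *dev, struct wcid *w)
{
    for (int i = 0; i < N_STATUS; i++)
        if (dev->status[i] && dev->status[i]->wcid == w)
            dev->status[i] = NULL;
    w->on_poll_list = false;
}

/* Vulnerable tracker: tracks the skb regardless of the station's state. */
static bool status_skb_add_vulnerable(struct dev *dev, struct wcid *w, struct skb *skb)
{
    for (int i = 0; i < N_STATUS; i++) {
        if (dev->status[i])
            continue;
        dev->status[i] = skb;
        w->on_poll_list = true;   /* keeps the wcid linked in the poll list */
        return true;
    }
    return false;
}

/* Fixed tracker: the check the patch adds, as a plain pointer comparison. */
static bool status_skb_add_fixed(struct dev *dev, struct wcid *w, struct skb *skb)
{
    if (dev->wcid[w->idx] != w)
        return false;             /* removal already unlinked this station */
    return status_skb_add_vulnerable(dev, w, skb);
}

/* Replay the race: pre_rcu_remove and cleanup have already run when a late
 * tx completion tries to track a status skb; then the station is freed. */
static struct outcome run_removal_race(bool fixed)
{
    struct dev dev;
    struct wcid sta = { .idx = 2 };
    struct skb late_frame = { .wcid = &sta };
    struct outcome out = { 0, false };

    memset(&dev, 0, sizeof(dev));
    dev.wcid[sta.idx] = &sta;                 /* station added */
    sta_pre_rcu_remove(&dev, &sta);           /* removal starts */
    status_cleanup(&dev, &sta);
    if (fixed)                                /* the race window */
        status_skb_add_fixed(&dev, &sta, &late_frame);
    else
        status_skb_add_vulnerable(&dev, &sta, &late_frame);
    sta.freed = true;                         /* removal finishes */
    for (int i = 0; i < N_STATUS; i++)        /* what the status poll would now walk */
        if (dev.status[i] && dev.status[i]->wcid->freed)
            out.dangling++;
    out.stale_poll_link = sta.on_poll_list;
    return out;
}

/* Entry points: tracked entries pointing at the freed station, and whether it
 * is still linked in the poll list (0 and false are the safe values). */
int dangling_status_entries(bool fixed) { return run_removal_race(fixed).dangling; }
bool stale_poll_list_link(bool fixed) { return run_removal_race(fixed).stale_poll_link; }

int main(void)
{
    printf("vulnerable: %d dangling, stale link %d\n", dangling_status_entries(false), stale_poll_list_link(false));
    printf("fixed:      %d dangling, stale link %d\n", dangling_status_entries(true), stale_poll_list_link(true));
    return 0;
}
```

The vulnerable path ends with one tracker entry and a poll-list link pointing at a station that has already been freed, which is exactly what the next status poll would dereference; the fixed path ends with neither, because the cleared dev->wcid slot is checked before anything is tracked. In the real driver the slot is an RCU-protected pointer and the tracker is an idr, but the ordering argument is the same.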

Potential Impact

For European organizations the exposure is concentrated in Linux systems that carry MediaTek Wi-Fi hardware driven by mt76: laptops and workstations, access points and routers, and IoT or edge devices running a vulnerable kernel. The direct consequence of hitting the race is kernel memory corruption, so the most likely outcome is a kernel panic or a hung wireless stack (denial of service); privilege escalation is possible in principle but would require reliably winning the timing window and shaping the freed memory, and no public exploit is reported. The CVSS vector rates the flaw as local, low-privilege and requiring no user interaction, which makes multi-user hosts and devices where untrusted users hold a shell the main concern. Note also that station removal is the normal result of a wireless peer leaving (a client disassociating from an mt76-based access point, or an mt76 client losing its access point), so transmit activity racing with removal is an ordinary condition on busy networks rather than an exotic one. Loss of wireless connectivity or kernel instability translates directly into operational disruption for manufacturing, healthcare and critical-infrastructure networks, and the high severity score justifies prompt remediation: once the fix is public in stable kernels, the diff gives attackers a precise starting point for exploit development.

Mitigation Recommendations

Patch first: apply the distribution kernel update that carries the upstream fix (mt76: fix tx status related use-after-free race on station removal), or move to a stable kernel release that includes it. Because the CVE record identifies the affected range by commit hashes rather than version numbers, confirm from the distribution changelog or the kernel source that the fix commit is present in the kernel actually running (uname -r). Establish exposure before and after: a host is affected only if an mt76-family module is loaded, which lsmod shows as the mt76 module together with the chip-specific modules named in its "Used by" column (the older mt7601u driver is separate code and not covered by this CVE). Where patching must wait, unload the mt76 modules or keep them from loading with a blacklist entry under /etc/modprobe.d/, accepting the loss of that wireless interface. Kernel hardening raises the cost of exploitation but does not remove the bug: KASLR and slab hardening such as CONFIG_SLAB_FREELIST_HARDENED and the init_on_free=1 boot parameter make a use-after-free harder to turn into code execution, whereas KPTI is a Meltdown mitigation and does nothing against a driver use-after-free. For detection, watch dmesg and the system journal for kernel BUG, oops or general protection fault traces that reference mt76 symbols, and run KASAN-enabled kernels in test environments, where this class of bug is reported explicitly as a use-after-free instead of surfacing as silent corruption. Finally, restrict local user privileges and shell access on affected hosts to shrink the population that can drive the timing window.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:08:31.581Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d982ec4522896dcbe5b94

Added to database: 5/21/2025, 9:09:02 AM

Last enriched: 7/3/2025, 3:09:55 AM

Last updated: 7/26/2025, 12:57:15 AM

