CVE-2022-49123: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49123 is a vulnerability in the Linux kernel's ath11k wireless driver that involves a deadlock condition causing frame flush failures. The issue was discovered when the ath11k driver failed to flush management frames because the wmimgmttx_work process had no opportunity to run within the expected timeframe (Kernel Git).

The vulnerability occurs due to a deadlock scenario in the workqueue scheduling mechanism. When wmimgmttxwork is inserted into local->workqueue after sdata->work, and wpasupplicant acquires wdev->mtx in nl80211deauthenticate, it creates a situation where the system waits for management frames to be sent out by wmimgmttxwork. However, sdata->work becomes blocked by wdev->mtx in ieee80211stawork, preventing wmimgmttx_work from executing (Kernel Git).

The deadlock condition results in management frame transmission failures in the wireless network stack, which can lead to failed network operations and potential system hangs. This is evidenced by system warnings about failed management queue flushes and tasks being blocked for extended periods (Kernel Git).

The issue was resolved by modifying the workqueue usage in the ath11k driver. The fix involves changing from using local->workqueue to ab->workqueue for scheduling wmimgmttx_work, which prevents the deadlock condition from occurring (Kernel Git).