CVE-2022-49238: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a use-after-free vulnerability (CVE-2022-49238) was discovered in the ath11k driver. The issue arose from a bug introduced by commit b4a0f54156ac which was intended to fix firmware crashes by changing the WMI command sequence for QCA6390/WCN6855 devices, but inadvertently skipped all peer delete operations. This led to a use-after-free condition because peer->sta was not set to NULL before being used later (Kernel Git, CISA).

The vulnerability occurs in the ath11k driver's peer management code. When a station disconnects from an AP for QCA6390/WCN6855 devices, the peer deletion process was incorrectly handled. The bug manifested as a KASAN (Kernel Address Sanitizer) warning indicating a use-after-free in ath11kdprxupdatepeer_stats function, where a read of size 8 was attempted at an address that had been previously freed (Kernel Git).

The vulnerability could lead to memory corruption in the kernel, potentially resulting in system crashes or other undefined behavior. The CVSS v3.1 base score is 7.8 (High), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The issue has been fixed by modifying the peer deletion process to only skip the WMIPEERDELETE_CMDID for QCA6390/WCN6855 devices, while still properly handling the peer->sta pointer. The fix was implemented in commit 212ad7cb7d75 (Kernel Git).