CVE-2022-49290
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2022-49290 affects the Linux kernel's mac80211 subsystem, specifically related to mesh networking functionality. The vulnerability was introduced by a fix for a memory leak (commit 6a01afcf8468) but created a potential double-free condition when rejoining a mesh network. This issue was discovered and reported by Matthias Kretschmer (Kernel Git).

Technical details

The vulnerability occurs in the mesh networking code where a double free can happen during mesh network operations. The issue manifests when ieee80211_leave_mesh() frees sdata->u.mesh.ie, followed by ieee80211_join_mesh() attempting to free the same memory through copy_mesh_setup(). This double-free condition is particularly reproducible when using wpa_supplicant with an encrypted mesh network and executing specific mesh leave/join commands (NVD, Red Hat).

Impact

The vulnerability can lead to memory corruption and potential kernel panics when exploited. The issue is particularly impactful in systems using encrypted mesh networking, though it can be avoided in certain configurations where ifmsh->ie is NULL (Kernel Git).

Mitigation and workarounds

The issue has been fixed by removing the kfree()ing of the mesh IE in the mesh join function and leaving it solely up to the mesh leave to free the mesh IE. The fix has been implemented in various kernel versions through backporting (Kernel Git).
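The ownership rule behind the fix can be checked with a small user-space model. This is an added example, not kernel source: mesh_model, join_mesh(), leave_mesh(), run_rejoin() and the pool allocator are hypothetical stand-ins, and the stale pointer left behind by the leave path is a modelling assumption taken from the description above.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for kmalloc()/kfree(): counts double frees, no real heap. */
enum { SLOTS = 8, SLOT_SIZE = 32 };
static unsigned char pool[SLOTS][SLOT_SIZE];
static int live[SLOTS], next_slot, double_frees;
static void *model_alloc(void) {
    if (next_slot >= SLOTS) return NULL;
    live[next_slot] = 1;
    return pool[next_slot++];
}
static void model_free(void *p) {
    if (!p) return;                          /* like kfree(NULL): no-op */
    size_t i = (size_t)((unsigned char *)p - &pool[0][0]) / SLOT_SIZE;
    if (live[i]) live[i] = 0; else double_frees++;
}

struct mesh_model { unsigned char *ie; };    /* hypothetical, mirrors ifmsh->ie */
/* Leave path: frees the IE; the pointer stays stale (modelling assumption). */
static void leave_mesh(struct mesh_model *m) { model_free(m->ie); }

/* Join path: free_old_ie=1 models the join-side free the page describes,
 * free_old_ie=0 models the fix, where only the leave path frees the IE. */
static int join_mesh(struct mesh_model *m, const unsigned char *ie, size_t len, int free_old_ie) {
    if (len > SLOT_SIZE) return -1;
    if (free_old_ie) model_free(m->ie);
    unsigned char *copy = len ? model_alloc() : NULL;
    if (len && !copy) return -1;
    if (copy) memcpy(copy, ie, len);
    m->ie = copy;
    return 0;
}

/* join, leave, join, leave; returns the number of double frees observed. */
int run_rejoin(int free_old_ie, int with_ie) {
    static const unsigned char ie[] = {0x30, 0x02, 0x01, 0x00}; /* constructed */
    struct mesh_model m = {0};
    next_slot = double_frees = 0; memset(live, 0, sizeof live);
    for (int round = 0; round < 2; round++) {
        if (join_mesh(&m, ie, with_ie ? sizeof ie : 0, free_old_ie)) return -1;
        leave_mesh(&m);
    }
    return double_frees;
}

int main(void) {
    printf("pre-fix=%d fixed=%d no-ie=%d\n", run_rejoin(1, 1), run_rejoin(0, 1), run_rejoin(1, 0));
    return 0;
}
```

The third case models the configuration noted under Impact: when no IE is set the pointer stays NULL, so even the join-side free has nothing to release twice.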

This report was generated using AI.
