CVE-2022-49328: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a use-after-free vulnerability (CVE-2022-49328) was discovered in the mt76 wireless driver. The issue occurs in mt76txqschedule when accessing mtxq->wcid between mt76txqschedule and stainfo[alloc, free] operations without proper RCU locking protection (Kernel Git).

The vulnerability is caused by improper handling of the wcid pointer in the mt76 driver's transmit queue scheduling code. The issue manifests when accessing the wcid field without proper RCU (Read-Copy-Update) lock protection between allocation and free operations. This was detected by the Kernel Address Sanitizer (KASAN) which reported a use-after-free bug in mt76txqschedule+0x204/0xaf8 when reading from an address that had been previously freed (Kernel Git).

A use-after-free vulnerability can lead to memory corruption, potentially resulting in system crashes or arbitrary code execution. In this specific case, the bug could cause system instability or crashes when using MediaTek MT76 wireless devices (Kernel Git).

The issue has been fixed by changing the wcid pointer to store only the index and using rcudereference to safely access the wcid structure. The fix involves modifying the mt76txq structure to store the wcid index instead of the pointer, and properly protecting access to the wcid structure using RCU locks (Kernel Git).