CVE-2022-49416: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49416 is a use-after-free vulnerability discovered in the Linux kernel's wifi mac80211 subsystem. The issue occurs in the chanctx code, specifically within the ieee80211vifusereservedcontext() function, where an old context is accessed after being freed when the new context's replacestate is set to IEEE80211CHANCTXREPLACENONE (Kernel Git).

The vulnerability exists in the channel context handling code of the mac80211 subsystem. When ieee80211vifusereservedcontext() has an old context and the new context's replacestate is set to IEEE80211CHANCTXREPLACENONE, the old context is freed in ieee80211vifusereservedreassign(). However, the code continues to access old_ctx after this point, leading to a use-after-free condition. The issue was introduced in commit 5bcae31d9cb1 which implemented multi-vif in-place reservations (Kernel Git). The CVSS v3.1 base score for this vulnerability is 7.8 (High) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

This vulnerability could allow an attacker with local access to cause a use-after-free condition in the kernel's WiFi subsystem, potentially leading to privilege escalation, information disclosure, or system crashes. The high CVSS score indicates that successful exploitation could have severe consequences for system security and stability (NVD).

The vulnerability has been fixed by modifying the ieee80211vifusereservedcontext() function to return immediately after calling ieee80211vifusereservedreassign() or ieee80211vifusereservedassign(), preventing the use-after-free condition. The fix was implemented in the Linux kernel and distributed through various stable kernel releases (Kernel Git).