CVE-2022-49519: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49519 affects the Linux kernel's ath10k wireless driver. The vulnerability involves a double free condition that occurs when firmware recovery (triggered by WMI timeout/crash) is followed by an immediate suspend event. The issue was discovered in 2022 and affects the ath10k driver's suspend/resume functionality (Kernel Commit).

The vulnerability is triggered when firmware recovery and suspend events occur in close succession. The firmware recovery process calls ath10kcorerestart() which invokes ath10khalt() for driver cleanup. If a suspend event occurs during recovery, the restart worker thread is frozen until suspend completes. The suspend event then triggers ath10kstop() which calls ath10khalt() again. This double invocation of ath10khalt() causes ath10khttrxfree() to be called twice, leading to a double free condition since ath10khttrxalloc was not called by the frozen restart worker thread (Kernel Commit).

The vulnerability can result in a kernel crash due to double freeing of memory resources. This could potentially lead to denial of service conditions on affected systems (Kernel Commit).

The issue has been fixed by modifying ath10kstop() to skip calling ath10khalt() when the driver state is ATH10KSTATERESTARTING. Additionally, for the RESTARTING state, ath10kwaitforsuspend() is called in ath10kstop() since this call is skipped in ath10kcorestop() for the RESTARTING state (Kernel Commit).