CVE-2022-49876: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability (CVE-2022-49876) has been identified in the Linux kernel's wifi mac80211 subsystem, specifically affecting the ieee80211subifstart_xmit() function. The issue was disclosed on May 1, 2025, and affects Linux kernel versions from 5.19 up to (excluding) 6.0.9, as well as versions 6.1-rc1 through 6.1-rc4 (NVD).

The vulnerability occurs when a device is running and the interface status is changed, triggering a general-protection-fault. The issue manifests in a race condition between two threads: Thread A executing ieee80211runtimechangeiftype() and Thread B executing processone_work(). When the interface status changes, the sending queue continues to send packets after bss is set to NULL, leading to an invalid access. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability leads to a general protection fault in the kernel, which can cause system instability or crashes. The issue specifically affects the wireless networking stack's ability to handle interface status changes while processing network packets (Wiz).

The vulnerability has been resolved in the Linux kernel through patches that fix the general-protection-fault in ieee80211subifstart_xmit(). Users should update their Linux kernel to a version that includes these fixes. For Red Hat Enterprise Linux 9, the fix has been deferred (Red Hat).