CVE-2022-49942: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49942 is a vulnerability discovered in the Linux kernel's wifi/mac80211 subsystem, specifically affecting the Channel Switch Announcement (CSA) functionality in IBSS mode. The vulnerability was disclosed on June 18, 2025, and affects the Linux kernel's wireless networking components (NVD).

The vulnerability occurs when attempting to finalize Channel Switch Announcement (CSA) in IBSS mode while in a disconnected state. The issue arises because when not connected to a channel, the BSS list is empty, causing the for loop in cfg80211getbss() to be bypassed. This results in a NULL return value at line 1424 of net/wireless/scan.c, which triggers a WARNON() assertion in ieee80211ibsscsabeacon() at line 500 of net/mac80211/ibss.c (Wiz).

When triggered, this vulnerability results in a kernel warning and potential system instability. The issue specifically affects the wireless networking functionality in IBSS (Independent Basic Service Set) mode when handling channel switching operations (Wiz).

The vulnerability has been resolved by implementing a check in ieee80211ibssfinish_csa() to verify the existence of an active connection before attempting to generate the CSA beacon. This fix has been incorporated into various Linux distributions including Debian (versions bullseye, bookworm, and trixie) and Red Hat Enterprise Linux (Debian Security Tracker).