CVE-2024-44997: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability was discovered in the Linux kernel's MediaTek Wireless Ethernet Device (WED) driver. The vulnerability (CVE-2024-44997) was identified in the mtk_wed_setup_tc_block_cb() function. The issue occurs when there are multiple AP interfaces on one band with WED enabled, where turning the interface down causes a kernel panic on MT798X devices. This vulnerability affects Linux kernel versions from 6.2 up to (excluding) 6.6.48, from 6.7 up to (excluding) 6.10.7, and versions 6.11-rc1 through 6.11-rc3 (NVD).

The vulnerability stems from a use-after-free condition where cb_priv was freed in mtk_wed_setup_tc_block() without being marked as NULL, and mtk_wed_setup_tc_block_cb() didn't check the value. This resulted in a kernel paging request failure at virtual address 0072460bca32b4f5. The issue has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, Kernel Patch).

The vulnerability can lead to a kernel panic when specific conditions are met, potentially causing system crashes and denial of service. Given the CVSS score and vector, the vulnerability can potentially lead to high impacts on confidentiality, integrity, and availability of the affected system when successfully exploited (NVD).

The vulnerability has been patched by assigning NULL after freeing cb_priv in mtk_wed_setup_tc_block() and adding a NULL check in mtk_wed_setup_tc_block_cb(). The fix is available in the Linux kernel through commit db1b4bedb9b97c6d34b03d03815147c04fffe8b4 (Kernel Patch).