CVE-2022-50852

Vulnerability

Analysis

The vulnerability is a use-after-free bug in the function mt7921_acpi_read() within the Linux kernel's mt76 wireless driver for MediaTek MT7921 chipsets. The function dereferences a pointer (sar_root) after it has been freed, leading to a use-after-free condition. This is a classic memory corruption issue that can be triggered when the driver parses ACPI tables.

Exploitation

An attacker with local access and the ability to trigger the vulnerable code path (e.g., by inserting or removing a compatible WiFi device, or by manipulating ACPI tables if possible) could exploit this flaw. The vulnerability does not require authentication beyond local user access, and the attack surface is limited to systems with affected hardware and driver loaded.

Impact

Successful exploitation could allow an attacker to escalate privileges or cause a denial of service (system crash). The use-after-free can potentially be leveraged to achieve arbitrary code execution in kernel context, as is typical for this class of bugs.

Mitigation

The fix is included in the Linux kernel stable commit referenced in [1]. Users are advised to update their kernel to a version containing the patch. As of the publication date, no workaround is available besides updating.