{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Linux kernel: Denial of Service in mt7921e driver during module unload",
    "id" : "2425004",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425004"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.7",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-457",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nwifi: mt76: mt7921e: fix rmmod crash in driver reload test\nIn insmod/rmmod stress test, the following crash dump shows up immediately.\nThe problem is caused by missing mt76_dev in mt7921_pci_remove(). We\nshould make sure the drvdata is ready before probe() finished.\n[168.862789] ==================================================================\n[168.862797] BUG: KASAN: user-memory-access in try_to_grab_pending+0x59/0x480\n[168.862805] Write of size 8 at addr 0000000000006df0 by task rmmod/5361\n[168.862812] CPU: 7 PID: 5361 Comm: rmmod Tainted: G           OE     5.19.0-rc6 #1\n[168.862816] Hardware name: Intel(R) Client Systems NUC8i7BEH/NUC8BEB, 05/04/2020\n[168.862820] Call Trace:\n[168.862822]  <TASK>\n[168.862825]  dump_stack_lvl+0x49/0x63\n[168.862832]  print_report.cold+0x493/0x6b7\n[168.862845]  kasan_report+0xa7/0x120\n[168.862857]  kasan_check_range+0x163/0x200\n[168.862861]  __kasan_check_write+0x14/0x20\n[168.862866]  try_to_grab_pending+0x59/0x480\n[168.862870]  __cancel_work_timer+0xbb/0x340\n[168.862898]  cancel_work_sync+0x10/0x20\n[168.862902]  mt7921_pci_remove+0x61/0x1c0 [mt7921e]\n[168.862909]  pci_device_remove+0xa3/0x1d0\n[168.862914]  device_remove+0xc4/0x170\n[168.862920]  device_release_driver_internal+0x163/0x300\n[168.862925]  driver_detach+0xc7/0x1a0\n[168.862930]  bus_remove_driver+0xeb/0x2d0\n[168.862935]  driver_unregister+0x71/0xb0\n[168.862939]  pci_unregister_driver+0x30/0x230\n[168.862944]  mt7921_pci_driver_exit+0x10/0x1b [mt7921e]\n[168.862949]  __x64_sys_delete_module+0x2f9/0x4b0\n[168.862968]  do_syscall_64+0x38/0x90\n[168.862973]  entry_SYSCALL_64_after_hwframe+0x63/0xcd\nTest steps:\n1. insmode\n2. do not ifup\n3. rmmod quickly (within 1 second)", "A flaw was discovered in the mt76/mt7921e Wi-Fi driver in the Linux kernel where improper handling of driver data during module removal can lead to a crash. Under certain insmod/rmmod stress test conditions, the driver’s mt7921_pci_remove() function is called while the associated mt76_dev (driver private data) has not been properly initialized or is missing. When the workqueue cancellation logic attempts to access this uninitialized data, it triggers a KASAN BUG: user-memory-access, resulting in a kernel panic or hang." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-05-16T00:00:00Z",
    "advisory" : "RHSA-2023:2951",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-477.10.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50714\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50714\nhttps://lore.kernel.org/linux-cve-announce/2025122415-CVE-2022-50714-32b3@gregkh/T" ],
  "name" : "CVE-2022-50714",
  "mitigation" : {
    "value" : "To mitigate this issue, if the `mt7921e` Wi-Fi hardware is not in use, prevent the `mt7921e` kernel module from loading. This can be achieved by blacklisting the module.\nCreate a file named `/etc/modprobe.d/blacklist-mt7921e.conf` with the following content:\n```\nblacklist mt7921e\n```\nAfter creating the file, regenerate the initramfs and reboot the system for the changes to take effect:\n```bash\ndr_acutereboot\n```\nWarning: Blacklisting this module may disable Wi-Fi functionality if your system relies on the mt7921e driver.",
    "lang" : "en:us"
  },
  "csaw" : false
}