{"id":"CVE-2024-44997","summary":"net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()\n\nWhen there are multiple ap interfaces on one band and with WED on,\nturning the interface down will cause a kernel panic on MT798X.\n\nPreviously, cb_priv was freed in mtk_wed_setup_tc_block() without\nmarking NULL,and mtk_wed_setup_tc_block_cb() didn't check the value, too.\n\nAssign NULL after free cb_priv in mtk_wed_setup_tc_block() and check NULL\nin mtk_wed_setup_tc_block_cb().\n\n----------\nUnable to handle kernel paging request at virtual address 0072460bca32b4f5\nCall trace:\n mtk_wed_setup_tc_block_cb+0x4/0x38\n 0xffffffc0794084bc\n tcf_block_playback_offloads+0x70/0x1e8\n tcf_block_unbind+0x6c/0xc8\n...\n---------","modified":"2026-04-02T12:18:37.257221Z","published":"2024-09-04T19:54:42.181Z","related":["MGASA-2024-0309","MGASA-2024-0310","SUSE-SU-2024:3551-1","SUSE-SU-2024:3553-1","SUSE-SU-2024:3561-1","SUSE-SU-2024:3564-1","SUSE-SU-2025:20073-1","SUSE-SU-2025:20077-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/44xxx/CVE-2024-44997.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/326a89321f9d5fe399fe6f9ff7c0fc766582a6a0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b453a4bbda03aa8741279c360ac82d1c3ac33548"},{"type":"WEB","url":"https://git.kernel.org/stable/c/db1b4bedb9b97c6d34b03d03815147c04fffe8b4"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/44xxx/CVE-2024-44997.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-44997"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"799684448e3e1f57257a6155541e53510488f67b"},{"fixed":"326a89321f9d5fe399fe6f9ff7c0fc766582a6a0"},{"fixed":"b453a4bbda03aa8741279c360ac82d1c3ac33548"},{"fixed":"db1b4bedb9b97c6d34b03d03815147c04fffe8b4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-44997.json"}}],"schema_version":"1.7.5"}