CVE-2022-50186
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-50186
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50186.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-50186
- Downstream
- Related
- Published
- 2025-06-18T11:03:33Z
- Modified
- 2025-10-14T00:39:53.483390Z
- Summary
- ath11k: fix missing skb drop on htc_tx_completion error
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ath11k: fix missing skb drop on htctxcompletion error
On htctxcompletion error the skb is not dropped. This is wrong since the completionhandler logic expect the skb to be consumed anyway even when an error is triggered. Not freeing the skb on error is a memory leak since the skb won't be freed anywere else. Correctly free the packet on eid >= ATH11KHTCEPCOUNT before returning.
Tested-on: IPQ8074 hw2.0 AHB WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf951380a6022440335f668f85296096ba13071baFixeddda25326839d6e6b1fe59e79616149e44ea4eaa4
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf951380a6022440335f668f85296096ba13071baFixed1f1483361585ae7556492f50f83f038bbdf8c294
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedf951380a6022440335f668f85296096ba13071baFixede5646fe3b7ef739c392e59da7db6adf5e1fdef42
Affected versions
v5.*
v5.15
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.18
v5.18-rc1
v5.18-rc2
v5.18-rc3
v5.18-rc4
v5.18-rc5
v5.18-rc6
v5.18-rc7
v5.18.1
v5.18.10
v5.18.11
v5.18.12
v5.18.13
v5.18.14
v5.18.15
v5.18.16
v5.18.17
v5.18.2
v5.18.3
v5.18.4
v5.18.5
v5.18.6
v5.18.7
v5.18.8
v5.18.9
v5.19
v5.19-rc1
v5.19-rc2
v5.19-rc3
v5.19-rc4
v5.19-rc5
v5.19-rc6
v5.19-rc7
v5.19-rc8
v5.19.1
Database specific
{
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 455.0,
"function_hash": "83225829869806104015591000248388439361"
},
"id": "CVE-2022-50186-06a5724f",
"target": {
"function": "ath11k_htc_tx_completion_handler",
"file": "drivers/net/wireless/ath/ath11k/htc.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dda25326839d6e6b1fe59e79616149e44ea4eaa4"
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 455.0,
"function_hash": "83225829869806104015591000248388439361"
},
"id": "CVE-2022-50186-65af304e",
"target": {
"function": "ath11k_htc_tx_completion_handler",
"file": "drivers/net/wireless/ath/ath11k/htc.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e5646fe3b7ef739c392e59da7db6adf5e1fdef42"
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"241574917898129830361687020214579273314",
"263083759834916260569556029252682715569",
"256061174912635236986033493408699511998",
"127130938320866879398923065203349182492",
"139439809847211143952892815254435754695"
]
},
"id": "CVE-2022-50186-849a6e28",
"target": {
"file": "drivers/net/wireless/ath/ath11k/htc.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f1483361585ae7556492f50f83f038bbdf8c294"
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"241574917898129830361687020214579273314",
"263083759834916260569556029252682715569",
"256061174912635236986033493408699511998",
"127130938320866879398923065203349182492",
"139439809847211143952892815254435754695"
]
},
"id": "CVE-2022-50186-b76baca7",
"target": {
"file": "drivers/net/wireless/ath/ath11k/htc.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dda25326839d6e6b1fe59e79616149e44ea4eaa4"
},
{
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"241574917898129830361687020214579273314",
"263083759834916260569556029252682715569",
"256061174912635236986033493408699511998",
"127130938320866879398923065203349182492",
"139439809847211143952892815254435754695"
]
},
"id": "CVE-2022-50186-db6b240d",
"target": {
"file": "drivers/net/wireless/ath/ath11k/htc.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e5646fe3b7ef739c392e59da7db6adf5e1fdef42"
},
{
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 455.0,
"function_hash": "83225829869806104015591000248388439361"
},
"id": "CVE-2022-50186-e850f34d",
"target": {
"function": "ath11k_htc_tx_completion_handler",
"file": "drivers/net/wireless/ath/ath11k/htc.c"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1f1483361585ae7556492f50f83f038bbdf8c294"
}
]
}