CVE-2022-50164

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-50164
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50164.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50164
Downstream
Related
Published
2025-06-18T11:03:18.943Z
Modified
2026-03-20T12:22:32.779491Z
Summary
wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: fix double listadd at iwlmvmmacwaketxqueue

After successfull station association, if station queues are disabled for some reason, the related lists are not emptied. So if some new element is added to the list in iwlmvmmacwaketx_queue, it can match with the old one and produce a BUG like this:

[ 46.535263] listadd corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1d02d3388). [ 46.535283] ------------[ cut here ]------------ [ 46.535284] kernel BUG at lib/listdebug.c:26! [ 46.535290] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 46.585304] CPU: 0 PID: 623 Comm: wpa_supplicant Not tainted 5.19.0-rc3+ #1 [ 46.592380] Hardware name: Dell Inc. Inspiron 660s/0478VN , BIOS A07 08/24/2012 [ 46.600336] RIP: 0010:__listaddvalid.cold+0x3d/0x3f [ 46.605475] Code: f2 4c 89 c1 48 89 fe 48 c7 c7 c8 40 67 93 e8 20 cc fd ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 70 40 67 93 e8 09 cc fd ff <0f> 0b 48 89 fe 48 c7 c7 00 41 67 93 e8 f8 cb fd ff 0f 0b 48 89 d1 [ 46.624469] RSP: 0018:ffffb20800ab76d8 EFLAGS: 00010286 [ 46.629854] RAX: 0000000000000075 RBX: ffff94c1c318a0e0 RCX: 0000000000000000 [ 46.637105] RDX: 0000000000000201 RSI: ffffffff9365e100 RDI: 00000000ffffffff [ 46.644356] RBP: ffff94c1c5f43370 R08: 0000000000000075 R09: 3064316334396666 [ 46.651607] R10: 3364323064316334 R11: 39666666663d7665 R12: ffff94c1c5f43388 [ 46.658857] R13: ffff94c1d02d3388 R14: ffff94c1c318a360 R15: ffff94c1cf2289c0 [ 46.666108] FS: 00007f65634ff7c0(0000) GS:ffff94c1da200000(0000) knlGS:0000000000000000 [ 46.674331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 46.680170] CR2: 00007f7dfe984460 CR3: 000000010e894003 CR4: 00000000000606f0 [ 46.687422] Call Trace: [ 46.689906] <TASK> [ 46.691950] iwlmvmmacwaketxqueue+0xec/0x15c [iwlmvm] [ 46.697601] ieee80211queueskb+0x4b3/0x720 [mac80211] [ 46.702973] ? stainfoget+0x46/0x60 [mac80211] [ 46.707703] ieee80211tx+0xad/0x110 [mac80211] [ 46.712355] __ieee80211txskbtidband+0x71/0x90 [mac80211] ...

In order to avoid this problem, we must also remove the related lists when station queues are disabled.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50164.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
cfbc6c4c5b91c7725ef14465b98ac347d31f2334
Fixed
5cca5f714fe6cedd2df9d8451ad8df21e6464f62
Fixed
38d71acc15a2e72806b516380af0adb3830d4639
Fixed
4a40af2b0b9517fca7ae2a030c9c0a16836303c0
Fixed
ff068c25bf90d26f0aee1751553f18076b797e8d
Fixed
182d3c1385f44ba7c508bf5b1292a7fe96ad4e9e
Fixed
14a3aacf517a9de725dd3219dbbcf741e31763c4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50164.json"