CVE-2022-50179
- Source
- https://cve.org/CVERecord?id=CVE-2022-50179
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50179.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-50179
- Downstream
- Related
- Published
- 2025-06-18T11:03:28.841Z
- Modified
- 2026-03-20T11:22:37.792500Z
- Summary
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ath9k: fix use-after-free in ath9khifusbrxcb
Syzbot reported use-after-free Read in ath9khifusbrxcb() [0]. The problem was in incorrect htchandle->drvpriv initialization.
Probable call trace which can trigger use-after-free:
ath9khtcprobedevice() /* htchandle->drvpriv = priv; */ ath9khtcwaitfortarget() <--- Failed ieee80211free_hw() <--- priv pointer is freed
<IRQ> ... ath9khifusbrxcb() ath9khifusbrxstream() RXSTATINC() <--- htchandle->drvpriv access
In order to not add fancy protection for drvpriv we can move htchandle->drvpriv initialization at the end of the ath9khtcprobedevice() and add helper macro to make all STAT macros NULL safe, since syzbot has reported related NULL deref in that macros [1]
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50179.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/03ca957c5f7b55660957eda20b5db4110319ac7a
- https://git.kernel.org/stable/c/0ac4827f78c7ffe8eef074bc010e7e34bc22f533
- https://git.kernel.org/stable/c/62bc1ea5c7401d77eaf73d0c6a15f3d2e742856e
- https://git.kernel.org/stable/c/6b14ab47937ba441e75e8dbb9fbfc9c55efa41c6
- https://git.kernel.org/stable/c/ab7a0ddf5f1cdec63cb21840369873806fc36d80
- https://git.kernel.org/stable/c/b66ebac40f64336ae2d053883bee85261060bd27
- https://git.kernel.org/stable/c/e9e21206b8ea62220b486310c61277e7ebfe7cec
- https://git.kernel.org/stable/c/eccd7c3e2596b574241a7670b5b53f5322f470e5
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50179.json
- https://nvd.nist.gov/vuln/detail/CVE-2022-50179
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedfb9987d0f748c983bb795a86f47522313f701a08Fixed62bc1ea5c7401d77eaf73d0c6a15f3d2e742856eFixedab7a0ddf5f1cdec63cb21840369873806fc36d80Fixede9e21206b8ea62220b486310c61277e7ebfe7cecFixedeccd7c3e2596b574241a7670b5b53f5322f470e5Fixed03ca957c5f7b55660957eda20b5db4110319ac7aFixed6b14ab47937ba441e75e8dbb9fbfc9c55efa41c6Fixedb66ebac40f64336ae2d053883bee85261060bd27Fixed0ac4827f78c7ffe8eef074bc010e7e34bc22f533