CVE-2022-50740

Source
https://cve.org/CVERecord?id=CVE-2022-50740
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50740.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-50740
Published
2025-12-24T13:05:38.150Z
Modified
2026-03-12T03:26:48.198119Z
Summary
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()

Syzkaller reports a long-known leak of urbs in ath9k_hif_usb_dealloc_tx_urbs().

The cause of the leak is that usb_get_urb() is called but usb_free_urb() (or usb_put_urb()) is not called inside usb_kill_urb() as urb->dev or urb->ep fields have not been initialized and usb_kill_urb() returns immediately.

The patch removes trying to kill urbs located in hif_dev->tx.tx_buf because hif_dev->tx.tx_buf is not supposed to contain urbs which are in pending state (the pending urbs are stored in hif_dev->tx.tx_pending). The tx.tx_lock is acquired so there should not be any changes in the list.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50740.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6f0706ef39fecc6bf56d67728fe0c94e26b43e9d
Fixed
134ae5eba41294eff76e4be20d6001b8f0192207
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
795d57a558d106b8a5bc2bd7aeaf707d9a099244
Fixed
472312fef2b9eccaa03bd59e0ab2527da945e736
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
df4318440c1568b7dedc5f7d4e617d0e297a1313
Fixed
eddbb8f7620f9f8008b090a6e10c460074ca575a
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a9990ed2d7ca9339d37c7f67d6f5cb298c3f1b34
Fixed
9850791d389b342ae6e573fe8198db0b4d338352
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
03fb92a432ea5abe5909bca1455b7e44a9380480
Fixed
c3fb3e9a2c0c1a0fa492d90eb19bcfa92a5f884d
Fixed
d856f7574bcc1d81de565a857caf32f122cd7ce0
Fixed
c05189a429fdb371dd455c3c466d67ac2ebff152
Fixed
08aa0537ec8cf29ceccae98acc1a534fc12598c1
Fixed
c2a94de38c74e86f49124ac14f093d6a5c377a90
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b92e116ae36f498858dbb18e29a066c3f5348965
Last affected
7f5972267295fe49f8da8eb42bc2eb3d140860c0
Last affected
2d72d5ce63c92f56b9f978e8befb5838144176b9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50740.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
4.9.337
Type
ECOSYSTEM
Events
Introduced
4.10.0
Fixed
4.14.303
Type
ECOSYSTEM
Events
Introduced
4.15.0
Fixed
4.19.270
Type
ECOSYSTEM
Events
Introduced
4.20.0
Fixed
5.4.229
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.163
Type
ECOSYSTEM
Events
Introduced
5.10.0
Fixed
5.15.86
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
6.0.16
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50740.json"