
CVE-2022-50179

In the Linux kernel, the following vulnerability has been resolved:

ath9k: fix use-after-free in ath9k_hif_usb_rx_cb

Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The
problem was in incorrect htc_handle->drv_priv initialization.

Probable call trace which can trigger use-after-free:

ath9k_htc_probe_device()
  /* htc_handle->drv_priv = priv; */
  ath9k_htc_wait_for_target()      <--- Failed
  ieee80211_free_hw()		   <--- priv pointer is freed

<IRQ>
...
ath9k_hif_usb_rx_cb()
  ath9k_hif_usb_rx_stream()
   RX_STAT_INC()		<--- htc_handle->drv_priv access

In order to not add fancy protection for drv_priv we can move
htc_handle->drv_priv initialization to the end of
ath9k_htc_probe_device() and add a helper macro to make
all *_STAT_* macros NULL-safe, since syzbot has reported a related NULL
deref in those macros [1].
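
A user-space model of the two changes the description names, publishing drv_priv only at the end of probe and guarding the stat macro against NULL. It is an added example, not the kernel patch or ath9k code; struct priv, struct handle, STAT_INC, rx_cb(), probe(), probe_then_rx() and the target_ready switch are hypothetical stand-ins.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the driver's private data and HTC handle. */
struct priv   { unsigned long rx_frames; };
struct handle { struct priv *drv_priv; };

/* NULL-safe counter helper: skip the update when no priv is published. */
#define STAT_INC(h, field) \
    do { if ((h)->drv_priv) (h)->drv_priv->field++; } while (0)

/* Models the RX completion path. Returns true if a counter was updated. */
static bool rx_cb(struct handle *h)
{
    bool published = h->drv_priv != NULL;
    STAT_INC(h, rx_frames);
    return published;
}

/* Models the probe order after the fix: every step that can fail runs
 * first, and the pointer is published last. target_ready is a constructed
 * switch that simulates the wait-for-target step failing. */
static int probe(struct handle *h, bool target_ready)
{
    struct priv *p = calloc(1, sizeof(*p));
    if (!p)
        return -1;
    if (!target_ready) {
        free(p);            /* error path: h->drv_priv was never set */
        return -1;
    }
    h->drv_priv = p;        /* publish only once nothing can fail */
    return 0;
}

/* Probe, fire one RX callback, return the counter (or -1 if unpublished). */
static long probe_then_rx(bool target_ready)
{
    struct handle h = { .drv_priv = NULL };
    long seen = -1;
    probe(&h, target_ready);
    if (rx_cb(&h))
        seen = (long)h.drv_priv->rx_frames;
    free(h.drv_priv);
    return seen;
}

int main(void) { return probe_then_rx(true) == 1 && probe_then_rx(false) == -1 ? 0 : 1; }
```

With the assignment placed before the failing step instead, the error path would free the object while the handle still pointed at it, which is the ordering shown in the call trace above.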

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default Status: unaffected
Version < 62bc1ea5c7401d77eaf73d0c6a15f3d2e742856e; Version fb9987d0f748c983bb795a86f47522313f701a08; Status affected
Version < ab7a0ddf5f1cdec63cb21840369873806fc36d80; Version fb9987d0f748c983bb795a86f47522313f701a08; Status affected
Version < e9e21206b8ea62220b486310c61277e7ebfe7cec; Version fb9987d0f748c983bb795a86f47522313f701a08; Status affected
Version < eccd7c3e2596b574241a7670b5b53f5322f470e5; Version fb9987d0f748c983bb795a86f47522313f701a08; Status affected
Version < 03ca957c5f7b55660957eda20b5db4110319ac7a; Version fb9987d0f748c983bb795a86f47522313f701a08; Status affected
Version < 6b14ab47937ba441e75e8dbb9fbfc9c55efa41c6; Version fb9987d0f748c983bb795a86f47522313f701a08; Status affected
Version < b66ebac40f64336ae2d053883bee85261060bd27; Version fb9987d0f748c983bb795a86f47522313f701a08; Status affected
Version < 0ac4827f78c7ffe8eef074bc010e7e34bc22f533; Version fb9987d0f748c983bb795a86f47522313f701a08; Status affected
Vendor: Linux
Product: Linux
Default Status: affected
Version 2.6.35; Status affected
Version < 2.6.35; Version 0; Status unaffected
Version <= 4.14.*; Version 4.14.291; Status unaffected
Version <= 4.19.*; Version 4.19.256; Status unaffected
Version <= 5.4.*; Version 5.4.211; Status unaffected
Version <= 5.10.*; Version 5.10.137; Status unaffected
Version <= 5.15.*; Version 5.15.61; Status unaffected
Version <= 5.18.*; Version 5.18.18; Status unaffected
Version <= 5.19.*; Version 5.19.2; Status unaffected
Version <= *; Version 6.0; Status unaffected
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.094
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string