-
CVE-2022-50297
- EPSS 0.04%
- Published 15.09.2025 14:45:53
- Last modified 15.09.2025 15:22:27
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: verify the expected usb_endpoints are present The bug arises when a USB device claims to be an ATH9K but doesn't have the expected endpoints. (In this case there was an interrupt endpoint where the driver expected a bulk endpoint.) The kernel needs to be able to handle such devices without getting an internal error. usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 3 PID: 500 at drivers/usb/core/urb.c:493 usb_submit_urb+0xce2/0x1430 drivers/usb/core/urb.c:493 Modules linked in: CPU: 3 PID: 500 Comm: kworker/3:2 Not tainted 5.10.135-syzkaller #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 Workqueue: events request_firmware_work_func RIP: 0010:usb_submit_urb+0xce2/0x1430 drivers/usb/core/urb.c:493 Call Trace: ath9k_hif_usb_alloc_rx_urbs drivers/net/wireless/ath/ath9k/hif_usb.c:908 [inline] ath9k_hif_usb_alloc_urbs+0x75e/0x1010 drivers/net/wireless/ath/ath9k/hif_usb.c:1019 ath9k_hif_usb_dev_init drivers/net/wireless/ath/ath9k/hif_usb.c:1109 [inline] ath9k_hif_usb_firmware_cb+0x142/0x530 drivers/net/wireless/ath/ath9k/hif_usb.c:1242 request_firmware_work_func+0x12e/0x240 drivers/base/firmware_loader/main.c:1097 process_one_work+0x9af/0x1600 kernel/workqueue.c:2279 worker_thread+0x61d/0x12f0 kernel/workqueue.c:2425 kthread+0x3b4/0x4a0 kernel/kthread.c:313 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:299 Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
932f0a5e829fb0b823f96d7fa9a0f4fc96660b77
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
d008a202a0528a058bac658e657c010ce8534f4a
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
d64436af0bc3c9e579be761d7684f228fb95f3bb
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
ca57748593ddd8e46d033fbaeb9d01ec533a6bfe
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
1824ccabee5445347b83642e4087cc2eca070343
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
c319196a0e34ed2e66d6f876f58d8d446335c2a7
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
2d2eccf52ea0215c8d386b62af0b5fd4fc122bd5
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
0b7e6d681e00a96cde2b32a15ffa70e1be2e3209
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
16ef02bad239f11f322df8425d302be62f0443ce
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version <=
4.9.*
Version
4.9.337
Status
unaffected
Version <=
4.14.*
Version
4.14.303
Status
unaffected
Version <=
4.19.*
Version
4.19.270
Status
unaffected
Version <=
5.4.*
Version
5.4.229
Status
unaffected
Version <=
5.10.*
Version
5.10.163
Status
unaffected
Version <=
5.15.*
Version
5.15.86
Status
unaffected
Version <=
6.0.*
Version
6.0.16
Status
unaffected
Version <=
6.1.*
Version
6.1.2
Status
unaffected
Version <=
*
Version
6.2
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.126 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|