CVE-2022-50665

EPSS 0.02%
Veröffentlicht 09.12.2025 01:29:15
Zuletzt bearbeitet 09.12.2025 18:37:13
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath11k: fix failed to find the peer with peer_id 0 when disconnected

It has a fail log which is ath11k_dbg in ath11k_dp_rx_process_mon_status(),
as below, it will not print when debug_mask is not set ATH11K_DBG_DATA.
	ath11k_dbg(ab, ATH11K_DBG_DATA,
		  "failed to find the peer with peer_id %d\n",
		   ppdu_info.peer_id);

When run scan with station disconnected, the peer_id is 0 for case
HAL_RX_MPDU_START in ath11k_hal_rx_parse_mon_status_tlv() which called
from ath11k_dp_rx_process_mon_status(), and the peer_id of ppdu_info is
reset to 0 in the while loop, so it does not match condition of the
check "if (ppdu_info->peer_id == HAL_INVALID_PEERID" in the loop, and
then the log "failed to find the peer with peer_id 0" print after the
check in the loop, it is below call stack when debug_mask is set
ATH11K_DBG_DATA.

The reason is this commit 01d2f285e3e5 ("ath11k: decode HE status tlv")
add "memset(ppdu_info, 0, sizeof(struct hal_rx_mon_ppdu_info))" in
ath11k_dp_rx_process_mon_status(), but the commit does not initialize
the peer_id to HAL_INVALID_PEERID, then lead the check mis-match.

Callstack of the failed log:
[12335.689072] RIP: 0010:ath11k_dp_rx_process_mon_status+0x9ea/0x1020 [ath11k]
[12335.689157] Code: 89 ff e8 f9 10 00 00 be 01 00 00 00 4c 89 f7 e8 dc 4b 4e de 48 8b 85 38 ff ff ff c7 80 e4 07 00 00 01 00 00 00 e9 20 f8 ff ff <0f> 0b 41 0f b7 96 be 06 00 00 48 c7 c6 b8 50 44 c1 4c 89 ff e8 fd
[12335.689180] RSP: 0018:ffffb874001a4ca0 EFLAGS: 00010246
[12335.689210] RAX: 0000000000000000 RBX: ffff995642cbd100 RCX: 0000000000000000
[12335.689229] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff99564212cd18
[12335.689248] RBP: ffffb874001a4dc0 R08: 0000000000000001 R09: 0000000000000000
[12335.689268] R10: 0000000000000220 R11: ffffb874001a48e8 R12: ffff995642473d40
[12335.689286] R13: ffff99564212c5b8 R14: ffff9956424736a0 R15: ffff995642120000
[12335.689303] FS:  0000000000000000(0000) GS:ffff995739000000(0000) knlGS:0000000000000000
[12335.689323] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[12335.689341] CR2: 00007f43c5d5e039 CR3: 000000011c012005 CR4: 00000000000606e0
[12335.689360] Call Trace:
[12335.689377]  <IRQ>
[12335.689418]  ? rcu_read_lock_held_common+0x12/0x50
[12335.689447]  ? rcu_read_lock_sched_held+0x25/0x80
[12335.689471]  ? rcu_read_lock_held_common+0x12/0x50
[12335.689504]  ath11k_dp_rx_process_mon_rings+0x8d/0x4f0 [ath11k]
[12335.689578]  ? ath11k_dp_rx_process_mon_rings+0x8d/0x4f0 [ath11k]
[12335.689653]  ? lock_acquire+0xef/0x360
[12335.689681]  ? rcu_read_lock_sched_held+0x25/0x80
[12335.689713]  ath11k_dp_service_mon_ring+0x38/0x60 [ath11k]
[12335.689784]  ? ath11k_dp_rx_process_mon_rings+0x4f0/0x4f0 [ath11k]
[12335.689860]  call_timer_fn+0xb2/0x2f0
[12335.689897]  ? ath11k_dp_rx_process_mon_rings+0x4f0/0x4f0 [ath11k]
[12335.689970]  run_timer_softirq+0x21f/0x540
[12335.689999]  ? ktime_get+0xad/0x160
[12335.690025]  ? lapic_next_deadline+0x2c/0x40
[12335.690053]  ? clockevents_program_event+0x82/0x100
[12335.690093]  __do_softirq+0x151/0x4a8
[12335.690135]  irq_exit_rcu+0xc9/0x100
[12335.690165]  sysvec_apic_timer_interrupt+0xa8/0xd0
[12335.690189]  </IRQ>
[12335.690204]  <TASK>
[12335.690225]  asm_sysvec_apic_timer_interrupt+0x12/0x20

Reset the default value to HAL_INVALID_PEERID each time after memset
of ppdu_info as well as others memset which existed in function
ath11k_dp_rx_process_mon_status(), then the failed log disappeared.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < c0bb97a90b133416b50b3ffbdb7efca9253cc687

Version 01d2f285e3e5b629df9c61514e7ee07a54d0eed9

Status affected

Version < a5b03df19041e5ce35c7f048fa84bf1b0ceb1311

Version 01d2f285e3e5b629df9c61514e7ee07a54d0eed9

Status affected

Version < a20ed60bb357776301c2dad7b4a4f0db97e143e9

Version 01d2f285e3e5b629df9c61514e7ee07a54d0eed9

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.18

Status affected

Version < 5.18

Version 0

Status unaffected

Version <= 5.19.*

Version 5.19.17

Status unaffected

Version <= 6.0.*

Version 6.0.3

Status unaffected

Version <= *

Version 6.1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/c0bb97a90b133416b50b3ffbdb7efca9253cc687

https://git.kernel.org/stable/c/a5b03df19041e5ce35c7f048fa84bf1b0ceb1311

https://git.kernel.org/stable/c/a20ed60bb357776301c2dad7b4a4f0db97e143e9

https://nvd.nist.gov/vuln/detail/CVE-2022-50665

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50665

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50665

EUVD