-
CVE-2022-50709
- EPSS 0.04%
- Veröffentlicht 24.12.2025 10:55:23
- Zuletzt bearbeitet 29.12.2025 15:58:56
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
syzbot is reporting uninit value at ath9k_htc_rx_msg() [1], for
ioctl(USB_RAW_IOCTL_EP_WRITE) can call ath9k_hif_usb_rx_stream() with
pkt_len = 0 but ath9k_hif_usb_rx_stream() uses
__dev_alloc_skb(pkt_len + 32, GFP_ATOMIC) based on an assumption that
pkt_len is valid. As a result, ath9k_hif_usb_rx_stream() allocates skb
with uninitialized memory and ath9k_htc_rx_msg() is reading from
uninitialized memory.
Since bytes accessed by ath9k_htc_rx_msg() is not known until
ath9k_htc_rx_msg() is called, it would be difficult to check minimal valid
pkt_len at "if (pkt_len > 2 * MAX_RX_BUF_SIZE) {" line in
ath9k_hif_usb_rx_stream().
We have two choices. One is to workaround by adding __GFP_ZERO so that
ath9k_htc_rx_msg() sees 0 if pkt_len is invalid. The other is to let
ath9k_htc_rx_msg() validate pkt_len before accessing. This patch chose
the latter.
Note that I'm not sure threshold condition is correct, for I can't find
details on possible packet length used by this protocol.Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version <
f3d2a3b7e290d0bdbddfcee5a6c3d922e2b7e02a
Version
fb9987d0f748c983bb795a86f47522313f701a08
Status
affected
Version <
84242f15f911f34aec9b22f99d1e9bff19723dbe
Version
fb9987d0f748c983bb795a86f47522313f701a08
Status
affected
Version <
2c485f4f2a64258acc5228e78ffb828c68d9e770
Version
fb9987d0f748c983bb795a86f47522313f701a08
Status
affected
Version <
9661724f6206bd606ecf13acada676a9975d230b
Version
fb9987d0f748c983bb795a86f47522313f701a08
Status
affected
Version <
b1b4144508adfc585e43856b31baaf9008a3beb4
Version
fb9987d0f748c983bb795a86f47522313f701a08
Status
affected
Version <
0d2649b288b7b9484e3d4380c0d6c4720a17e473
Version
fb9987d0f748c983bb795a86f47522313f701a08
Status
affected
Version <
4891a50f5ed8bfcb8f2a4b816b0676f398687783
Version
fb9987d0f748c983bb795a86f47522313f701a08
Status
affected
Version <
b383e8abed41cc6ff1a3b34de75df9397fa4878c
Version
fb9987d0f748c983bb795a86f47522313f701a08
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
2.6.35
Status
affected
Version <
2.6.35
Version
0
Status
unaffected
Version <=
4.14.*
Version
4.14.296
Status
unaffected
Version <=
4.19.*
Version
4.19.262
Status
unaffected
Version <=
5.4.*
Version
5.4.220
Status
unaffected
Version <=
5.10.*
Version
5.10.150
Status
unaffected
Version <=
5.15.*
Version
5.15.75
Status
unaffected
Version <=
5.19.*
Version
5.19.17
Status
unaffected
Version <=
6.0.*
Version
6.0.3
Status
unaffected
Version <=
*
Version
6.1
Status
unaffected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.1 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|