We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-50179

ath9k: fix use-after-free in ath9k_hif_usb_rx_cb



Description

In the Linux kernel, the following vulnerability has been resolved: ath9k: fix use-after-free in ath9k_hif_usb_rx_cb Syzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The problem was in incorrect htc_handle->drv_priv initialization. Probable call trace which can trigger use-after-free: ath9k_htc_probe_device() /* htc_handle->drv_priv = priv; */ ath9k_htc_wait_for_target() <--- Failed ieee80211_free_hw() <--- priv pointer is freed <IRQ> ... ath9k_hif_usb_rx_cb() ath9k_hif_usb_rx_stream() RX_STAT_INC() <--- htc_handle->drv_priv access In order to not add fancy protection for drv_priv we can move htc_handle->drv_priv initialization at the end of the ath9k_htc_probe_device() and add helper macro to make all *_STAT_* macros NULL safe, since syzbot has reported related NULL deref in that macros [1]

Reserved 2025-06-18 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linux

Product status

Default status
unaffected

fb9987d0f748c983bb795a86f47522313f701a08 before 62bc1ea5c7401d77eaf73d0c6a15f3d2e742856e
affected

fb9987d0f748c983bb795a86f47522313f701a08 before ab7a0ddf5f1cdec63cb21840369873806fc36d80
affected

fb9987d0f748c983bb795a86f47522313f701a08 before e9e21206b8ea62220b486310c61277e7ebfe7cec
affected

fb9987d0f748c983bb795a86f47522313f701a08 before eccd7c3e2596b574241a7670b5b53f5322f470e5
affected

fb9987d0f748c983bb795a86f47522313f701a08 before 03ca957c5f7b55660957eda20b5db4110319ac7a
affected

fb9987d0f748c983bb795a86f47522313f701a08 before 6b14ab47937ba441e75e8dbb9fbfc9c55efa41c6
affected

fb9987d0f748c983bb795a86f47522313f701a08 before b66ebac40f64336ae2d053883bee85261060bd27
affected

fb9987d0f748c983bb795a86f47522313f701a08 before 0ac4827f78c7ffe8eef074bc010e7e34bc22f533
affected

Default status
affected

2.6.35
affected

Any version before 2.6.35
unaffected

4.14.291
unaffected

4.19.256
unaffected

5.4.211
unaffected

5.10.137
unaffected

5.15.61
unaffected

5.18.18
unaffected

5.19.2
unaffected

6.0
unaffected

References

git.kernel.org/...c/62bc1ea5c7401d77eaf73d0c6a15f3d2e742856e

git.kernel.org/...c/ab7a0ddf5f1cdec63cb21840369873806fc36d80

git.kernel.org/...c/e9e21206b8ea62220b486310c61277e7ebfe7cec

git.kernel.org/...c/eccd7c3e2596b574241a7670b5b53f5322f470e5

git.kernel.org/...c/03ca957c5f7b55660957eda20b5db4110319ac7a

git.kernel.org/...c/6b14ab47937ba441e75e8dbb9fbfc9c55efa41c6

git.kernel.org/...c/b66ebac40f64336ae2d053883bee85261060bd27

git.kernel.org/...c/0ac4827f78c7ffe8eef074bc010e7e34bc22f533

cve.org (CVE-2022-50179)

nvd.nist.gov (CVE-2022-50179)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2022-50179

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.