Home

Description

In the Linux kernel, the following vulnerability has been resolved: ath11k: fix netdev open race Make sure to allocate resources needed before registering the device. This specifically avoids having a racing open() trigger a BUG_ON() in mod_timer() when ath11k_mac_op_start() is called before the mon_reap_timer as been set up. I did not see this issue with next-20220310, but I hit it on every probe with next-20220511. Perhaps some timing changed in between. Here's the backtrace: [ 51.346947] kernel BUG at kernel/time/timer.c:990! [ 51.346958] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ... [ 51.578225] Call trace: [ 51.583293] __mod_timer+0x298/0x390 [ 51.589518] mod_timer+0x14/0x20 [ 51.595368] ath11k_mac_op_start+0x41c/0x4a0 [ath11k] [ 51.603165] drv_start+0x38/0x60 [mac80211] [ 51.610110] ieee80211_do_open+0x29c/0x7d0 [mac80211] [ 51.617945] ieee80211_open+0x60/0xb0 [mac80211] [ 51.625311] __dev_open+0x100/0x1c0 [ 51.631420] __dev_change_flags+0x194/0x210 [ 51.638214] dev_change_flags+0x24/0x70 [ 51.644646] do_setlink+0x228/0xdb0 [ 51.650723] __rtnl_newlink+0x460/0x830 [ 51.657162] rtnl_newlink+0x4c/0x80 [ 51.663229] rtnetlink_rcv_msg+0x124/0x390 [ 51.669917] netlink_rcv_skb+0x58/0x130 [ 51.676314] rtnetlink_rcv+0x18/0x30 [ 51.682460] netlink_unicast+0x250/0x310 [ 51.688960] netlink_sendmsg+0x19c/0x3e0 [ 51.695458] ____sys_sendmsg+0x220/0x290 [ 51.701938] ___sys_sendmsg+0x7c/0xc0 [ 51.708148] __sys_sendmsg+0x68/0xd0 [ 51.714254] __arm64_sys_sendmsg+0x28/0x40 [ 51.720900] invoke_syscall+0x48/0x120 Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3

PUBLISHED Reserved 2025-06-18 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linux

Product status

Default status
unaffected

d5c65159f2895379e11ca13f62feabe93278985d (git) before a2c45f8c3d18269e641f0c7da2dde47ef8414034
affected

d5c65159f2895379e11ca13f62feabe93278985d (git) before eaff3946a86fc63280a30158a4ae1e141449817c
affected

d5c65159f2895379e11ca13f62feabe93278985d (git) before abb7dc8fbb27c15dcc927df56190f3c5ede58bd5
affected

d5c65159f2895379e11ca13f62feabe93278985d (git) before 307ce58270b3b50ca21cfcc910568429b06803f7
affected

d5c65159f2895379e11ca13f62feabe93278985d (git) before d4ba1ff87b17e81686ada8f429300876f55f95ad
affected

Default status
affected

5.6
affected

Any version before 5.6
unaffected

5.10.137 (semver)
unaffected

5.15.61 (semver)
unaffected

5.18.18 (semver)
unaffected

5.19.2 (semver)
unaffected

6.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/a2c45f8c3d18269e641f0c7da2dde47ef8414034

git.kernel.org/...c/eaff3946a86fc63280a30158a4ae1e141449817c

git.kernel.org/...c/abb7dc8fbb27c15dcc927df56190f3c5ede58bd5

git.kernel.org/...c/307ce58270b3b50ca21cfcc910568429b06803f7

git.kernel.org/...c/d4ba1ff87b17e81686ada8f429300876f55f95ad

cve.org (CVE-2022-50187)

nvd.nist.gov (CVE-2022-50187)

Download JSON