{"id":"CVE-2022-50179","summary":"ath9k: fix use-after-free in ath9k_hif_usb_rx_cb","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nath9k: fix use-after-free in ath9k_hif_usb_rx_cb\n\nSyzbot reported use-after-free Read in ath9k_hif_usb_rx_cb() [0]. The\nproblem was in incorrect htc_handle-\u003edrv_priv initialization.\n\nProbable call trace which can trigger use-after-free:\n\nath9k_htc_probe_device()\n  /* htc_handle-\u003edrv_priv = priv; */\n  ath9k_htc_wait_for_target()      \u003c--- Failed\n  ieee80211_free_hw()\t\t   \u003c--- priv pointer is freed\n\n\u003cIRQ\u003e\n...\nath9k_hif_usb_rx_cb()\n  ath9k_hif_usb_rx_stream()\n   RX_STAT_INC()\t\t\u003c--- htc_handle-\u003edrv_priv access\n\nIn order to not add fancy protection for drv_priv we can move\nhtc_handle-\u003edrv_priv initialization at the end of the\nath9k_htc_probe_device() and add helper macro to make\nall *_STAT_* macros NULL safe, since syzbot has reported related NULL\nderef in that macros [1]","modified":"2026-04-03T13:14:52.181583Z","published":"2025-06-18T11:03:28.841Z","related":["SUSE-SU-2025:02264-1","SUSE-SU-2025:02308-1","SUSE-SU-2025:02320-1","SUSE-SU-2025:02321-1","SUSE-SU-2025:02322-1","SUSE-SU-2025:02334-1","SUSE-SU-2025:02537-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50179.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/03ca957c5f7b55660957eda20b5db4110319ac7a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/0ac4827f78c7ffe8eef074bc010e7e34bc22f533"},{"type":"WEB","url":"https://git.kernel.org/stable/c/62bc1ea5c7401d77eaf73d0c6a15f3d2e742856e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6b14ab47937ba441e75e8dbb9fbfc9c55efa41c6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ab7a0ddf5f1cdec63cb21840369873806fc36d80"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b66ebac40f64336ae2d053883bee85261060bd27"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e9e21206b8ea62220b486310c61277e7ebfe7cec"},{"type":"WEB","url":"https://git.kernel.org/stable/c/eccd7c3e2596b574241a7670b5b53f5322f470e5"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50179.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50179"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fb9987d0f748c983bb795a86f47522313f701a08"},{"fixed":"62bc1ea5c7401d77eaf73d0c6a15f3d2e742856e"},{"fixed":"ab7a0ddf5f1cdec63cb21840369873806fc36d80"},{"fixed":"e9e21206b8ea62220b486310c61277e7ebfe7cec"},{"fixed":"eccd7c3e2596b574241a7670b5b53f5322f470e5"},{"fixed":"03ca957c5f7b55660957eda20b5db4110319ac7a"},{"fixed":"6b14ab47937ba441e75e8dbb9fbfc9c55efa41c6"},{"fixed":"b66ebac40f64336ae2d053883bee85261060bd27"},{"fixed":"0ac4827f78c7ffe8eef074bc010e7e34bc22f533"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50179.json"}}],"schema_version":"1.7.5"}