{"id":"CVE-2022-50678","summary":"wifi: brcmfmac: fix invalid address access when enabling SCAN log level","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix invalid address access when enabling SCAN log level\n\nThe variable i is changed when setting random MAC address and causes\ninvalid address access when printing the value of pi-\u003ereqs[i]-\u003ereqid.\n\nWe replace reqs index with ri to fix the issue.\n\n[  136.726473] Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000000\n[  136.737365] Mem abort info:\n[  136.740172]   ESR = 0x96000004\n[  136.743359]   Exception class = DABT (current EL), IL = 32 bits\n[  136.749294]   SET = 0, FnV = 0\n[  136.752481]   EA = 0, S1PTW = 0\n[  136.755635] Data abort info:\n[  136.758514]   ISV = 0, ISS = 0x00000004\n[  136.762487]   CM = 0, WnR = 0\n[  136.765522] user pgtable: 4k pages, 48-bit VAs, pgdp = 000000005c4e2577\n[  136.772265] [0000000000000000] pgd=0000000000000000\n[  136.777160] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[  136.782732] Modules linked in: brcmfmac(O) brcmutil(O) cfg80211(O) compat(O)\n[  136.789788] Process wificond (pid: 3175, stack limit = 0x00000000053048fb)\n[  136.796664] CPU: 3 PID: 3175 Comm: wificond Tainted: G           O      4.19.42-00001-g531a5f5 #1\n[  136.805532] Hardware name: Freescale i.MX8MQ EVK (DT)\n[  136.810584] pstate: 60400005 (nZCv daif +PAN -UAO)\n[  136.815429] pc : brcmf_pno_config_sched_scans+0x6cc/0xa80 [brcmfmac]\n[  136.821811] lr : brcmf_pno_config_sched_scans+0x67c/0xa80 [brcmfmac]\n[  136.828162] sp : ffff00000e9a3880\n[  136.831475] x29: ffff00000e9a3890 x28: ffff800020543400\n[  136.836786] x27: ffff8000b1008880 x26: ffff0000012bf6a0\n[  136.842098] x25: ffff80002054345c x24: ffff800088d22400\n[  136.847409] x23: ffff0000012bf638 x22: ffff0000012bf6d8\n[  136.852721] x21: ffff8000aced8fc0 x20: ffff8000ac164400\n[  136.858032] x19: ffff00000e9a3946 x18: 0000000000000000\n[  136.863343] x17: 0000000000000000 x16: 0000000000000000\n[  136.868655] x15: ffff0000093f3b37 x14: 0000000000000050\n[  136.873966] x13: 0000000000003135 x12: 0000000000000000\n[  136.879277] x11: 0000000000000000 x10: ffff000009a61888\n[  136.884589] x9 : 000000000000000f x8 : 0000000000000008\n[  136.889900] x7 : 303a32303d726464 x6 : ffff00000a1f957d\n[  136.895211] x5 : 0000000000000000 x4 : ffff00000e9a3942\n[  136.900523] x3 : 0000000000000000 x2 : ffff0000012cead8\n[  136.905834] x1 : ffff0000012bf6d8 x0 : 0000000000000000\n[  136.911146] Call trace:\n[  136.913623]  brcmf_pno_config_sched_scans+0x6cc/0xa80 [brcmfmac]\n[  136.919658]  brcmf_pno_start_sched_scan+0xa4/0x118 [brcmfmac]\n[  136.925430]  brcmf_cfg80211_sched_scan_start+0x80/0xe0 [brcmfmac]\n[  136.931636]  nl80211_start_sched_scan+0x140/0x308 [cfg80211]\n[  136.937298]  genl_rcv_msg+0x358/0x3f4\n[  136.940960]  netlink_rcv_skb+0xb4/0x118\n[  136.944795]  genl_rcv+0x34/0x48\n[  136.947935]  netlink_unicast+0x264/0x300\n[  136.951856]  netlink_sendmsg+0x2e4/0x33c\n[  136.955781]  __sys_sendto+0x120/0x19c","modified":"2026-04-02T08:28:42.011150Z","published":"2025-12-09T01:29:31.739Z","related":["SUSE-SU-2026:0263-1","SUSE-SU-2026:0316-1","SUSE-SU-2026:0317-1","SUSE-SU-2026:0350-1","SUSE-SU-2026:0369-1","SUSE-SU-2026:0411-1","SUSE-SU-2026:0617-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50678.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1c12d47a9017a7745585b57b9b0fdc0d8c50978e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4d4dcfa6b4e85a878401f4fbae4cafc88cdcceb4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/50e45034c5802cedbf5b707364ea76ace29ad984"},{"type":"WEB","url":"https://git.kernel.org/stable/c/56a0ac48634155d2b866b99fba7e1dd8df4e2804"},{"type":"WEB","url":"https://git.kernel.org/stable/c/75995ce1c926ee87bf93d58977c766b4e7744715"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7ccb0529446ae68a8581916bfc95c353306d76ba"},{"type":"WEB","url":"https://git.kernel.org/stable/c/826405a911473b6ee8bd2aa891cb2f03a13efa17"},{"type":"WEB","url":"https://git.kernel.org/stable/c/aa666b68e73fc06d83c070d96180b9010cf5a960"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50678.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50678"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"efc2c1fa8e145b60a7805fa9b6c92ac0746fccc3"},{"fixed":"7ccb0529446ae68a8581916bfc95c353306d76ba"},{"fixed":"1c12d47a9017a7745585b57b9b0fdc0d8c50978e"},{"fixed":"56a0ac48634155d2b866b99fba7e1dd8df4e2804"},{"fixed":"50e45034c5802cedbf5b707364ea76ace29ad984"},{"fixed":"75995ce1c926ee87bf93d58977c766b4e7744715"},{"fixed":"4d4dcfa6b4e85a878401f4fbae4cafc88cdcceb4"},{"fixed":"826405a911473b6ee8bd2aa891cb2f03a13efa17"},{"fixed":"aa666b68e73fc06d83c070d96180b9010cf5a960"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50678.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.13.0"},{"fixed":"4.14.296"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.262"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.220"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.150"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.75"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"5.19.17"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.20.0"},{"fixed":"6.0.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50678.json"}}],"schema_version":"1.7.5"}