{"id":"CVE-2022-50740","summary":"wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()\n\nSyzkaller reports a long-known leak of urbs in\nath9k_hif_usb_dealloc_tx_urbs().\n\nThe cause of the leak is that usb_get_urb() is called but usb_free_urb()\n(or usb_put_urb()) is not called inside usb_kill_urb() as urb-\u003edev or\nurb-\u003eep fields have not been initialized and usb_kill_urb() returns\nimmediately.\n\nThe patch removes trying to kill urbs located in hif_dev-\u003etx.tx_buf\nbecause hif_dev-\u003etx.tx_buf is not supposed to contain urbs which are in\npending state (the pending urbs are stored in hif_dev-\u003etx.tx_pending).\nThe tx.tx_lock is acquired so there should not be any changes in the list.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.","modified":"2026-04-02T08:28:44.255619Z","published":"2025-12-24T13:05:38.150Z","related":["SUSE-SU-2026:0263-1","SUSE-SU-2026:0317-1","SUSE-SU-2026:0411-1","SUSE-SU-2026:0473-1","SUSE-SU-2026:0617-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50740.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/08aa0537ec8cf29ceccae98acc1a534fc12598c1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/134ae5eba41294eff76e4be20d6001b8f0192207"},{"type":"WEB","url":"https://git.kernel.org/stable/c/472312fef2b9eccaa03bd59e0ab2527da945e736"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9850791d389b342ae6e573fe8198db0b4d338352"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c05189a429fdb371dd455c3c466d67ac2ebff152"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c2a94de38c74e86f49124ac14f093d6a5c377a90"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c3fb3e9a2c0c1a0fa492d90eb19bcfa92a5f884d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d856f7574bcc1d81de565a857caf32f122cd7ce0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/eddbb8f7620f9f8008b090a6e10c460074ca575a"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50740.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50740"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"6f0706ef39fecc6bf56d67728fe0c94e26b43e9d"},{"fixed":"134ae5eba41294eff76e4be20d6001b8f0192207"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"795d57a558d106b8a5bc2bd7aeaf707d9a099244"},{"fixed":"472312fef2b9eccaa03bd59e0ab2527da945e736"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"df4318440c1568b7dedc5f7d4e617d0e297a1313"},{"fixed":"eddbb8f7620f9f8008b090a6e10c460074ca575a"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"a9990ed2d7ca9339d37c7f67d6f5cb298c3f1b34"},{"fixed":"9850791d389b342ae6e573fe8198db0b4d338352"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"03fb92a432ea5abe5909bca1455b7e44a9380480"},{"fixed":"c3fb3e9a2c0c1a0fa492d90eb19bcfa92a5f884d"},{"fixed":"d856f7574bcc1d81de565a857caf32f122cd7ce0"},{"fixed":"c05189a429fdb371dd455c3c466d67ac2ebff152"},{"fixed":"08aa0537ec8cf29ceccae98acc1a534fc12598c1"},{"fixed":"c2a94de38c74e86f49124ac14f093d6a5c377a90"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"b92e116ae36f498858dbb18e29a066c3f5348965"},{"last_affected":"7f5972267295fe49f8da8eb42bc2eb3d140860c0"},{"last_affected":"2d72d5ce63c92f56b9f978e8befb5838144176b9"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50740.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.337"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.10.0"},{"fixed":"4.14.303"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.270"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.229"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.163"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.10.0"},{"fixed":"5.15.86"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"6.0.16"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-50740.json"}}],"schema_version":"1.7.5"}