CVE-2022-50179

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue was identified in the Linux kernel, specifically in the ath9k hif usb rx cb function. This issue was reported by Syzbot and is related to incorrect initialization of htc handle->drv priv. The problem can be triggered by a probable call trace that involves the ath9k htc probe device function, where the priv pointer is freed, and later accessed in the ath9k hif usb rx cb function. The estimated number of potentially affected devices is not available.

Recommendations To resolve this issue, consider updating the Linux kernel to a version that includes the fix for the use-after-free issue in ath9k hif usb rx cb. As a temporary workaround, consider disabling the ath9k hif usb rx cb function until a patch is available. Additionally, restrict access to the vulnerable htc handle->drv priv initialization to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.