CVE-2022-50709

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the ath9k module related to handling of packet lengths in the ath9k htc rx msg() function. Specifically, the issue arises when the ath9k hif usb rx stream() function allocates a socket buffer (skb) with uninitialized memory due to an invalid packet length (pkt len) provided during an ioctl(USB RAW IOCTL EP WRITE) operation. This leads to a potential uninitialized memory read within ath9k htc rx msg(). The issue occurs because the function attempts to access memory without proper validation of the pkt len value.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.