CVE-2022-50740

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a memory leak in the ath9k High-Speed USB (HIF USB) driver, specifically within the ath9k hif usb dealloc tx urbs() function. The issue stems from a failure to properly free USB URB (USB Request Block) resources when attempting to kill URBs. This occurs because usb get urb() is called, but the corresponding usb free urb() or usb put urb() is not executed under certain conditions, leading to a memory leak. The patch addresses this by preventing attempts to kill URBs located in hif dev->tx.tx buf, as these URBs should not be in a pending state. The fix ensures that URBs in a pending state are managed correctly, preventing the memory leak. This issue was discovered by the Linux Verification Center using Syzkaller.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.