CVE-2022-50829

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the Linux kernel’s ath9k driver related to the handling of skb (socket buffer) memory within the ath9k hif usb reg in cb() function. Specifically, the issue arises when an skb is freed in ath9k htc rx msg(), and a subsequent failure in usb submit urb() leads to an attempt to free the same skb again. Additionally, a memory leak can occur if alloc skb() fails, leaving rx buf unfreed while urb->context becomes NULL. The patch addresses this by removing unnecessary skb handling and clarifying skb processing, ensuring that ath9k htc rx msg() either frees the skb or passes its management to another callback function. This issue was discovered by the Linux Verification Center using Syzkaller.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.