CVE-2022-50533 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mlme: fix null-ptr deref on failed assoc If association to an AP without a link 0 fails, then we crash in tracing because it assumes that either ap_mld_addr or link 0 BSS is valid, since we clear sdata->vif.valid_links and then don't add the ap_mld_addr to the struct. Since we clear also sdata->vif.cfg.ap_addr, keep a local copy of it and assign it earlier, before clearing valid_links, to fix this.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/78a6a43aaf87180ec7425a2a90468e1b4d09a1ec
https://git.kernel.org/stable/c/bb7743955a929e44b308cc3f63f8cc03873c1bee
https://git.kernel.org/stable/c/c695dfba8dfb82dc7ace4f22be088916cbf621ca

History

Tue, 07 Oct 2025 15:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mlme: fix null-ptr deref on failed assoc If association to an AP without a link 0 fails, then we crash in tracing because it assumes that either ap_mld_addr or link 0 BSS is valid, since we clear sdata->vif.valid_links and then don't add the ap_mld_addr to the struct. Since we clear also sdata->vif.cfg.ap_addr, keep a local copy of it and assign it earlier, before clearing valid_links, to fix this.
Title		wifi: mac80211: mlme: fix null-ptr deref on failed assoc
References		https://git.kernel.org/stable/c/78a6a43aaf87180ec7425a2a90468e1b4d09a1ec https://git.kernel.org/stable/c/bb7743955a929e44b308cc3f63f8cc03873c1bee https://git.kernel.org/stable/c/c695dfba8dfb82dc7ace4f22be088916cbf621ca

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-10-07T15:19:23.277Z

Updated: 2025-10-07T15:19:23.277Z

Reserved: 2025-10-07T15:15:38.664Z

Link: CVE-2022-50533

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-07T16:15:37.403

Modified: 2025-10-07T16:15:37.403

Link: CVE-2022-50533

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-50533", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-10-07T15:15:38.664Z", "datePublished": "2025-10-07T15:19:23.277Z", "dateUpdated": "2025-10-07T15:19:23.277Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-10-07T15:19:23.277Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: mlme: fix null-ptr deref on failed assoc\n\nIf association to an AP without a link 0 fails, then we crash in\ntracing because it assumes that either ap_mld_addr or link 0 BSS\nis valid, since we clear sdata->vif.valid_links and then don't\nadd the ap_mld_addr to the struct.\n\nSince we clear also sdata->vif.cfg.ap_addr, keep a local copy of\nit and assign it earlier, before clearing valid_links, to fix\nthis."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mac80211/mlme.c"], "versions": [{"version": "81151ce462e533551f3284bfdb8e0f461c9220e6", "lessThan": "c695dfba8dfb82dc7ace4f22be088916cbf621ca", "status": "affected", "versionType": "git"}, {"version": "81151ce462e533551f3284bfdb8e0f461c9220e6", "lessThan": "bb7743955a929e44b308cc3f63f8cc03873c1bee", "status": "affected", "versionType": "git"}, {"version": "81151ce462e533551f3284bfdb8e0f461c9220e6", "lessThan": "78a6a43aaf87180ec7425a2a90468e1b4d09a1ec", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/mac80211/mlme.c"], "versions": [{"version": "6.0", "status": "affected"}, {"version": "0", "lessThan": "6.0", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.16", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.2", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.0.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.1.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.0", "versionEndExcluding": "6.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c695dfba8dfb82dc7ace4f22be088916cbf621ca"}, {"url": "https://git.kernel.org/stable/c/bb7743955a929e44b308cc3f63f8cc03873c1bee"}, {"url": "https://git.kernel.org/stable/c/78a6a43aaf87180ec7425a2a90468e1b4d09a1ec"}], "title": "wifi: mac80211: mlme: fix null-ptr deref on failed assoc", "x_generator": {"engine": "bippy-1.2.0"}}}}