{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2022-50740", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-12-24T13:02:21.542Z", "datePublished": "2025-12-24T13:05:38.150Z", "dateUpdated": "2025-12-24T13:05:38.150Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-24T13:05:38.150Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()\n\nSyzkaller reports a long-known leak of urbs in\nath9k_hif_usb_dealloc_tx_urbs().\n\nThe cause of the leak is that usb_get_urb() is called but usb_free_urb()\n(or usb_put_urb()) is not called inside usb_kill_urb() as urb->dev or\nurb->ep fields have not been initialized and usb_kill_urb() returns\nimmediately.\n\nThe patch removes trying to kill urbs located in hif_dev->tx.tx_buf\nbecause hif_dev->tx.tx_buf is not supposed to contain urbs which are in\npending state (the pending urbs are stored in hif_dev->tx.tx_pending).\nThe tx.tx_lock is acquired so there should not be any changes in the list.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/ath/ath9k/hif_usb.c"], "versions": [{"version": "6f0706ef39fecc6bf56d67728fe0c94e26b43e9d", "lessThan": "134ae5eba41294eff76e4be20d6001b8f0192207", "status": "affected", "versionType": "git"}, {"version": "795d57a558d106b8a5bc2bd7aeaf707d9a099244", "lessThan": "472312fef2b9eccaa03bd59e0ab2527da945e736", "status": "affected", "versionType": "git"}, {"version": "df4318440c1568b7dedc5f7d4e617d0e297a1313", "lessThan": "eddbb8f7620f9f8008b090a6e10c460074ca575a", "status": "affected", "versionType": "git"}, {"version": "a9990ed2d7ca9339d37c7f67d6f5cb298c3f1b34", "lessThan": "9850791d389b342ae6e573fe8198db0b4d338352", "status": "affected", "versionType": "git"}, {"version": "03fb92a432ea5abe5909bca1455b7e44a9380480", "lessThan": "c3fb3e9a2c0c1a0fa492d90eb19bcfa92a5f884d", "status": "affected", "versionType": "git"}, {"version": "03fb92a432ea5abe5909bca1455b7e44a9380480", "lessThan": "d856f7574bcc1d81de565a857caf32f122cd7ce0", "status": "affected", "versionType": "git"}, {"version": "03fb92a432ea5abe5909bca1455b7e44a9380480", "lessThan": "c05189a429fdb371dd455c3c466d67ac2ebff152", "status": "affected", "versionType": "git"}, {"version": "03fb92a432ea5abe5909bca1455b7e44a9380480", "lessThan": "08aa0537ec8cf29ceccae98acc1a534fc12598c1", "status": "affected", "versionType": "git"}, {"version": "03fb92a432ea5abe5909bca1455b7e44a9380480", "lessThan": "c2a94de38c74e86f49124ac14f093d6a5c377a90", "status": "affected", "versionType": "git"}, {"version": "b92e116ae36f498858dbb18e29a066c3f5348965", "status": "affected", "versionType": "git"}, {"version": "7f5972267295fe49f8da8eb42bc2eb3d140860c0", "status": "affected", "versionType": "git"}, {"version": "2d72d5ce63c92f56b9f978e8befb5838144176b9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/ath/ath9k/hif_usb.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.337", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.303", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.270", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.229", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.163", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.86", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.0.16", "lessThanOrEqual": "6.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.2", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9.241", "versionEndExcluding": "4.9.337"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14.203", "versionEndExcluding": "4.14.303"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.154", "versionEndExcluding": "4.19.270"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.73", "versionEndExcluding": "5.4.229"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "5.10.163"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "5.15.86"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.0.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.1.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.241"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.9.2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/134ae5eba41294eff76e4be20d6001b8f0192207"}, {"url": "https://git.kernel.org/stable/c/472312fef2b9eccaa03bd59e0ab2527da945e736"}, {"url": "https://git.kernel.org/stable/c/eddbb8f7620f9f8008b090a6e10c460074ca575a"}, {"url": "https://git.kernel.org/stable/c/9850791d389b342ae6e573fe8198db0b4d338352"}, {"url": "https://git.kernel.org/stable/c/c3fb3e9a2c0c1a0fa492d90eb19bcfa92a5f884d"}, {"url": "https://git.kernel.org/stable/c/d856f7574bcc1d81de565a857caf32f122cd7ce0"}, {"url": "https://git.kernel.org/stable/c/c05189a429fdb371dd455c3c466d67ac2ebff152"}, {"url": "https://git.kernel.org/stable/c/08aa0537ec8cf29ceccae98acc1a534fc12598c1"}, {"url": "https://git.kernel.org/stable/c/c2a94de38c74e86f49124ac14f093d6a5c377a90"}], "title": "wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()\n\nSyzkaller reports a long-known leak of urbs in\nath9k_hif_usb_dealloc_tx_urbs().\n\nThe cause of the leak is that usb_get_urb() is called but usb_free_urb()\n(or usb_put_urb()) is not called inside usb_kill_urb() as urb->dev or\nurb->ep fields have not been initialized and usb_kill_urb() returns\nimmediately.\n\nThe patch removes trying to kill urbs located in hif_dev->tx.tx_buf\nbecause hif_dev->tx.tx_buf is not supposed to contain urbs which are in\npending state (the pending urbs are stored in hif_dev->tx.tx_pending).\nThe tx.tx_lock is acquired so there should not be any changes in the list.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."}], "id": "CVE-2022-50740", "lastModified": "2025-12-24T13:16:00.703", "metrics": {}, "published": "2025-12-24T13:16:00.703", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/08aa0537ec8cf29ceccae98acc1a534fc12598c1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/134ae5eba41294eff76e4be20d6001b8f0192207"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/472312fef2b9eccaa03bd59e0ab2527da945e736"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9850791d389b342ae6e573fe8198db0b4d338352"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c05189a429fdb371dd455c3c466d67ac2ebff152"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c2a94de38c74e86f49124ac14f093d6a5c377a90"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c3fb3e9a2c0c1a0fa492d90eb19bcfa92a5f884d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d856f7574bcc1d81de565a857caf32f122cd7ce0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/eddbb8f7620f9f8008b090a6e10c460074ca575a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}