Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-50627— wifi: ath11k: fix monitor mode bringup crash

EPSS 0.02% · P6
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-50627

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
wifi: ath11k: fix monitor mode bringup crash
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix monitor mode bringup crash When the interface is brought up in monitor mode, it leads to NULL pointer dereference crash. This crash happens when the packet type is extracted for a SKB. This extraction which is present in the received msdu delivery path,is not needed for the monitor ring packets since they are all RAW packets. Hence appending the flags with "RX_FLAG_ONLY_MONITOR" to skip that extraction. Observed calltrace: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000064 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048517000 [0000000000000064] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP Modules linked in: ath11k_pci ath11k qmi_helpers CPU: 2 PID: 1781 Comm: napi/-271 Not tainted 6.1.0-rc5-wt-ath-656295-gef907406320c-dirty #6 Hardware name: Qualcomm Technologies, Inc. IPQ8074/AP-HK10-C2 (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ath11k_hw_qcn9074_rx_desc_get_decap_type+0x34/0x60 [ath11k] lr : ath11k_hw_qcn9074_rx_desc_get_decap_type+0x5c/0x60 [ath11k] sp : ffff80000ef5bb10 x29: ffff80000ef5bb10 x28: 0000000000000000 x27: ffff000007baafa0 x26: ffff000014a91ed0 x25: 0000000000000000 x24: 0000000000000000 x23: ffff800002b77378 x22: ffff000014a91ec0 x21: ffff000006c8d600 x20: 0000000000000000 x19: ffff800002b77740 x18: 0000000000000006 x17: 736564203634343a x16: 656e694c20657079 x15: 0000000000000143 x14: 00000000ffffffea x13: ffff80000ef5b8b8 x12: ffff80000ef5b8c8 x11: ffff80000a591d30 x10: ffff80000a579d40 x9 : c0000000ffffefff x8 : 0000000000000003 x7 : 0000000000017fe8 x6 : ffff80000a579ce8 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 3a35ec12ed7f8900 x1 : 0000000000000000 x0 : 0000000000000052 Call trace: ath11k_hw_qcn9074_rx_desc_get_decap_type+0x34/0x60 [ath11k] ath11k_dp_rx_deliver_msdu.isra.42+0xa4/0x3d0 [ath11k] ath11k_dp_rx_mon_deliver.isra.43+0x2f8/0x458 [ath11k] ath11k_dp_rx_process_mon_rings+0x310/0x4c0 [ath11k] ath11k_dp_service_srng+0x234/0x338 [ath11k] ath11k_pcic_ext_grp_napi_poll+0x30/0xb8 [ath11k] __napi_poll+0x5c/0x190 napi_threaded_poll+0xf0/0x118 kthread+0xf4/0x110 ret_from_fork+0x10/0x20 Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于ath11k在监控模式启动时未正确处理SKB,可能导致空指针解引用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux d5c65159f2895379e11ca13f62feabe93278985d ~ d6ea1ca1d456bb661e5a9d104e69d2c261161115 -
LinuxLinux 5.6 -

II. Public POCs for CVE-2022-50627

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-50627

登录查看更多情报信息。

Same Patch Batch · Linux · 2025-12-08 · 82 CVEs total

CVE-2022-50630mm: hugetlb: fix UAF in hugetlb_handle_userfault
CVE-2023-53752net: deal with integer overflows in kmalloc_reserve()
CVE-2022-50626media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
CVE-2022-50628drm/gud: Fix UBSAN warning
CVE-2022-50625serial: amba-pl011: avoid SBSA UART accessing DMACR register
CVE-2022-50622ext4: fix potential memory leak in ext4_fc_record_modified_inode()
CVE-2022-50621dm: verity-loadpin: Only trust verity targets with enforcement
CVE-2022-50620f2fs: fix to invalidate dcc->f2fs_issue_discard in error path
CVE-2022-50619drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr()
CVE-2022-50623fpga: prevent integer overflow in dfl_feature_ioctl_set_irq()
CVE-2022-50629wifi: rsi: Fix memory leak in rsi_coex_attach()
CVE-2023-53742kcsan: Avoid READ_ONCE() in read_instrumented_memory()
CVE-2023-53743PCI: Free released resource after coalescing
CVE-2023-53744soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
CVE-2023-53745um: vector: Fix memory leak in vector_config
CVE-2023-53746s390/vfio-ap: fix memory leak in vfio_ap device driver
CVE-2023-53747vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
CVE-2023-53748media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup
CVE-2023-53750pinctrl: freescale: Fix a memory out of bounds when num_configs is 1
CVE-2023-53751cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname

Showing top 20 of 82 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2022-50627

No comments yet

Leave a comment