CVE-2022-50740
Memory Leak in Linux ath9k USB Driver's TX URB Handling

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()

Syzkaller reports a long-known leak of urbs in ath9k_hif_usb_dealloc_tx_urbs().

The cause of the leak is that usb_get_urb() is called but usb_free_urb() (or usb_put_urb()) is not called inside usb_kill_urb() as urb->dev or urb->ep fields have not been initialized and usb_kill_urb() returns immediately.

The patch removes trying to kill urbs located in hif_dev->tx.tx_buf because hif_dev->tx.tx_buf is not supposed to contain urbs which are in pending state (the pending urbs are stored in hif_dev->tx.tx_pending). The tx.tx_lock is acquired so there should not be any changes in the list.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Meta Information

Published: 2025-12-24
Last Modified: 2025-12-24
Generated: 2026-06-16
AI Q&A: 2025-12-24
EPSS Evaluated: 2026-06-15

Affected Vendors & Products

Showing 1 associated CPE
Vendor: linux, Product: kernel, Version / Range: *

Executive Summary

This vulnerability is a memory leak in the Linux kernel's ath9k wireless driver, specifically in the hif_usb component. The function ath9k_hif_usb_dealloc_tx_urbs() calls usb_get_urb() on each USB Request Block (URB) before calling usb_kill_urb(), but the matching usb_free_urb() or usb_put_urb() is never reached inside usb_kill_urb(): the urb->dev or urb->ep fields are uninitialized, so usb_kill_urb() returns early. Each such URB is therefore leaked. The patch fixes this by removing the attempts to kill URBs in a buffer that should not contain pending URBs, ensuring proper management of these resources.
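
The reference-count imbalance described above, as an added example that is not the kernel's code or the patch itself: a simplified userspace model in which struct urb, urb_init(), urb_get(), urb_put(), urb_kill() and the two dealloc_* functions are hypothetical stand-ins for the kernel objects named in the description. It assumes, as the description states, that the extra reference is only dropped inside usb_kill_urb() when the URB has actually been submitted.

```c
#include <stddef.h>

/* Userspace model (assumption): only the fields the leak depends on. */
struct urb { int refcount; void *dev; void *ep; };

static int live_urbs;              /* URBs initialised but not yet released */

static void urb_init(struct urb *u)
{
    u->refcount = 1;               /* reference held by the tx_buf entry */
    u->dev = u->ep = NULL;         /* never submitted, as in tx.tx_buf */
    live_urbs++;
}

static void urb_get(struct urb *u) { u->refcount++; }

static void urb_put(struct urb *u) /* models usb_free_urb()/usb_put_urb() */
{
    if (--u->refcount == 0)
        live_urbs--;               /* the kernel would free the URB here */
}

static void urb_kill(struct urb *u) /* models usb_kill_urb() */
{
    if (!(u && u->dev && u->ep))
        return;                    /* idle URB: extra reference is not dropped */
    urb_put(u);                    /* model assumption for a submitted URB */
}

/* Pre-patch handling of one idle entry; returns the number of URBs leaked. */
int dealloc_before_patch(void)
{
    struct urb u; int start = live_urbs;
    urb_init(&u);
    urb_get(&u);                   /* refcount 2 */
    urb_kill(&u);                  /* returns immediately, still 2 */
    urb_put(&u);                   /* 2 -> 1, never released */
    return live_urbs - start;
}

/* Post-patch handling: the idle entry is only freed. */
int dealloc_after_patch(void)
{
    struct urb u; int start = live_urbs;
    urb_init(&u);
    urb_put(&u);                   /* 1 -> 0, released */
    return live_urbs - start;
}
```

In the model, one URB stays unreleased per idle tx_buf entry on the pre-patch path and none on the post-patch path, which matches the one-leak-per-entry behaviour the description attributes to ath9k_hif_usb_dealloc_tx_urbs().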

Impact Analysis

The memory leak caused by this vulnerability can lead to increased memory usage over time, potentially degrading system performance or causing instability in systems using the affected ath9k wireless driver. This could result in reduced reliability of wireless communications or system crashes if the leak is severe and persistent.

Mitigation Strategies

Apply the patch that fixes the memory leak in the ath9k_hif_usb_dealloc_tx_urbs() function of the Linux kernel. This patch removes attempts to kill URBs located in hif_dev->tx.tx_buf, which should not contain pending URBs, thereby preventing the memory leak. Updating the Linux kernel to a version that includes this fix is the recommended mitigation.
