CVE-2022-50740
Memory Leak in Linux ath9k USB Driver's TX URB Handling
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory leak in the Linux kernel's ath9k wireless driver, specifically in the hif_usb component. In ath9k_hif_usb_dealloc_tx_urbs(), usb_get_urb() is called, but the corresponding usb_free_urb() (or usb_put_urb()) is never called inside usb_kill_urb(): the urb->dev or urb->ep fields are uninitialized, so usb_kill_urb() returns early. As a result, USB Request Blocks (URBs) are leaked. The patch fixes this by removing the attempts to kill URBs in a buffer that should not contain pending URBs, so these resources are managed correctly.
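The reference imbalance described above, as a simplified user-space model added here (not kernel code and not the patch itself). The `model_*` names and `teardown_idle_tx_buf()` are hypothetical, and the reference drop inside `model_kill_urb()` is an assumption that follows the description's wording.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a URB: only the fields the description mentions. */
struct model_urb {
    int   refcount;  /* references currently held */
    int   released;  /* set once the last reference is dropped */
    void *dev;       /* stays NULL while the URB is idle (never submitted) */
    void *ep;
};

static void model_get_urb(struct model_urb *u) { u->refcount++; }

static void model_put_urb(struct model_urb *u)
{
    if (--u->refcount == 0)
        u->released = 1;
}

/* Models the early return: with dev or ep unset, nothing is cancelled and the
 * caller's extra reference is never dropped. */
static void model_kill_urb(struct model_urb *u)
{
    if (!u || !u->dev || !u->ep)
        return;
    model_put_urb(u); /* assumption: the kill path releases the extra reference */
}

/* Tears down one idle TX buffer and returns the references still held.
 * try_kill = 1 models the pre-patch get + kill + free sequence,
 * try_kill = 0 models the patched path that only frees. */
int teardown_idle_tx_buf(int try_kill)
{
    struct model_urb urb = { .refcount = 1 }; /* allocation reference, dev/ep NULL */

    if (try_kill) {
        model_get_urb(&urb);
        model_kill_urb(&urb); /* returns early for an idle URB */
    }
    model_put_urb(&urb);      /* stands in for usb_free_urb() */
    return urb.refcount;      /* > 0 means the URB was never released */
}

int main(void)
{
    printf("pre-patch refs left:  %d\n", teardown_idle_tx_buf(1));
    printf("post-patch refs left: %d\n", teardown_idle_tx_buf(0));
    return 0;
}
```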
How can this vulnerability impact me?
The memory leak caused by this vulnerability can lead to increased memory usage over time, potentially degrading system performance or causing instability in systems using the affected ath9k wireless driver. This could result in reduced reliability of wireless communications or system crashes if the leak is severe and persistent.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch that fixes the memory leak in the ath9k_hif_usb_dealloc_tx_urbs() function of the Linux kernel. This patch removes attempts to kill URBs located in hif_dev->tx.tx_buf, which should not contain pending URBs, thereby preventing the memory leak. Updating the Linux kernel to a version that includes this fix is the recommended mitigation.