CVE-2022-50871
Out-of-Bounds Access in Linux ath11k QMI Handler Causes Infinite Loop
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's wifi component, specifically the ath11k driver. The issue is that the qmi_msg_handler data structure was not properly null-terminated as required by the QMI module. If a handler for a specific message ID is missing in the handlers array, the code can enter an infinite loop while searching for the handler, which can lead to out-of-bounds memory access in the qmi_invoke_handler() function. The fix involved updating the initialization of the qmi_msg_handler data structure to ensure proper null termination.
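The lookup pattern described above, as a simplified user-space model added here (not the kernel's or the ath11k driver's source). The struct layout, message IDs and function names are assumptions; the point is that a sentinel-terminated search is only safe when the table ends in a zeroed entry, which `table_is_terminated` checks.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of a handler entry; field names are assumptions. */
struct msg_handler {
    unsigned int msg_id;
    void (*fn)(unsigned int msg_id);
};

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

static void on_msg(unsigned int msg_id) { (void)msg_id; }

/* Before: every slot is a real handler, nothing marks the end (constructed IDs). */
static const struct msg_handler handlers_unterminated[] = {
    { .msg_id = 0x21, .fn = on_msg },
    { .msg_id = 0x22, .fn = on_msg },
};

/* After: a trailing zeroed entry (fn == NULL) is the end marker. */
static const struct msg_handler handlers_terminated[] = {
    { .msg_id = 0x21, .fn = on_msg },
    { .msg_id = 0x22, .fn = on_msg },
    { 0 },
};

/* Sentinel-style search: stops only on a match or on fn == NULL. */
/* On a table without the end marker, an unknown msg_id walks past the array. */
static const struct msg_handler *find_handler(const struct msg_handler *h, unsigned int msg_id)
{
    for (; h->fn; h++)
        if (h->msg_id == msg_id)
            return h;
    return NULL;
}

/* Init-time check: the last slot of the table must be the sentinel. */
static int table_is_terminated(const struct msg_handler *h, size_t n)
{
    return n > 0 && h[n - 1].fn == NULL;
}

int main(void)
{
    printf("unterminated ok: %d\n", table_is_terminated(handlers_unterminated, ARRAY_SIZE(handlers_unterminated)));
    printf("terminated ok:   %d\n", table_is_terminated(handlers_terminated, ARRAY_SIZE(handlers_terminated)));
    printf("unknown id found: %d\n", find_handler(handlers_terminated, 0x99) != NULL);
    return 0;
}
```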
How can this vulnerability impact me?
This vulnerability can cause an infinite loop and out-of-bounds memory access in the Linux kernel's wifi driver. Such behavior can lead to system instability, crashes, or potentially allow an attacker to execute arbitrary code or cause denial of service by exploiting the memory corruption.