1. Home
  2. Vulnerabilities
  3. CVE-2022-50740
0.0
NA
CVE-2022-50740
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() Syzkaller reports a long-known leak of urbs in ath9k_hif_usb_dealloc_tx_urbs(). The cause of the leak is that usb_get_urb() is called but usb_free_urb() (or usb_put_urb()) is not called inside usb_kill_urb() as urb->dev or urb->ep fields have not been initialized and usb_kill_urb() returns immediately. The patch removes trying to kill urbs located in hif_dev->tx.tx_buf because hif_dev->tx.tx_buf is not supposed to contain urbs which are in pending state (the pending urbs are stored in hif_dev->tx.tx_pending). The tx.tx_lock is acquired so there should not be any changes in the list. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

INFO

Published Date :

Dec. 24, 2025, 1:16 p.m.

Last Modified :

Dec. 24, 2025, 1:16 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2022-50740 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

: Total Affected Vendor : 0 | Products : 0
Solution
Fix memory leak by ensuring URBs are properly managed during USB deallocation.
  • Apply the provided patch to the Linux kernel.
  • Ensure URBs are always freed after being obtained.
  • Verify that pending URBs are correctly handled.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2022-50740.

URL Resource
https://git.kernel.org/stable/c/08aa0537ec8cf29ceccae98acc1a534fc12598c1
https://git.kernel.org/stable/c/134ae5eba41294eff76e4be20d6001b8f0192207
https://git.kernel.org/stable/c/472312fef2b9eccaa03bd59e0ab2527da945e736
https://git.kernel.org/stable/c/9850791d389b342ae6e573fe8198db0b4d338352
https://git.kernel.org/stable/c/c05189a429fdb371dd455c3c466d67ac2ebff152
https://git.kernel.org/stable/c/c2a94de38c74e86f49124ac14f093d6a5c377a90
https://git.kernel.org/stable/c/c3fb3e9a2c0c1a0fa492d90eb19bcfa92a5f884d
https://git.kernel.org/stable/c/d856f7574bcc1d81de565a857caf32f122cd7ce0
https://git.kernel.org/stable/c/eddbb8f7620f9f8008b090a6e10c460074ca575a
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2022-50740 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2022-50740 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2022-50740 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2022-50740 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Dec. 24, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() Syzkaller reports a long-known leak of urbs in ath9k_hif_usb_dealloc_tx_urbs(). The cause of the leak is that usb_get_urb() is called but usb_free_urb() (or usb_put_urb()) is not called inside usb_kill_urb() as urb->dev or urb->ep fields have not been initialized and usb_kill_urb() returns immediately. The patch removes trying to kill urbs located in hif_dev->tx.tx_buf because hif_dev->tx.tx_buf is not supposed to contain urbs which are in pending state (the pending urbs are stored in hif_dev->tx.tx_pending). The tx.tx_lock is acquired so there should not be any changes in the list. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
    Added Reference https://git.kernel.org/stable/c/08aa0537ec8cf29ceccae98acc1a534fc12598c1
    Added Reference https://git.kernel.org/stable/c/134ae5eba41294eff76e4be20d6001b8f0192207
    Added Reference https://git.kernel.org/stable/c/472312fef2b9eccaa03bd59e0ab2527da945e736
    Added Reference https://git.kernel.org/stable/c/9850791d389b342ae6e573fe8198db0b4d338352
    Added Reference https://git.kernel.org/stable/c/c05189a429fdb371dd455c3c466d67ac2ebff152
    Added Reference https://git.kernel.org/stable/c/c2a94de38c74e86f49124ac14f093d6a5c377a90
    Added Reference https://git.kernel.org/stable/c/c3fb3e9a2c0c1a0fa492d90eb19bcfa92a5f884d
    Added Reference https://git.kernel.org/stable/c/d856f7574bcc1d81de565a857caf32f122cd7ce0
    Added Reference https://git.kernel.org/stable/c/eddbb8f7620f9f8008b090a6e10c460074ca575a
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.