CVE-2022-50709: Use of Uninitialized Variable in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 89.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 24

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()

syzbot is reporting uninit value at ath9k_htc_rx_msg() [1], for ioctl(USB_RAW_IOCTL_EP_WRITE) can call ath9k_hif_usb_rx_stream() with pkt_len = 0 but ath9k_hif_usb_rx_stream() uses __dev_alloc_skb(pkt_len + 32, GFP_ATOMIC) based on an assumption that pkt_len is valid. As a result, ath9k_hif_usb_rx_stream() allocates skb with uninitialized memory and ath9k_htc_rx_msg()

Affected Packages (4 packages)

Linux  linux/linux_kernel  2.6.35  4.14.296  +6
Debian  linux/linux_kernel  < 5.10.158-1  +3
CVEListV5  linux/linux  fb9987d0f748c983bb795a86f47522313f701a08  f3d2a3b7e290d0bdbddfcee5a6c3d922e2b7e02a  +8
debian  debian/linux  < linux 6.0.3-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: CVE-2022-50709: In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() syzbot is reporting un (2025-12-24)
OSV: wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (2025-12-24)
GHSA: GHSA-cpm8-mrmc-3w57: In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() syzbot is reporting (2025-12-24)

📋 Vendor Advisories (2)

Red Hat: kernel: wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (2025-12-24)
Debian: CVE-2022-50709: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k... (2022)

🕵️ Threat Intelligence (1)

Wiz: CVE-2022-50709 Impact, Exploitability, and Mitigation Steps | Wiz