CVE-2022-50740Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 84.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 24

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() Syzkaller reports a long-known leak of urbs in ath9k_hif_usb_dealloc_tx_urbs(). The cause of the leak is that usb_get_urb() is called but usb_free_urb() (or usb_put_urb()) is not called inside usb_kill_urb() as urb->dev or urb->ep fields have not been initialized and usb_kill_urb() returns immediately. The patch removes trying to kill urbs locat

Affected Packages4 packages

Linuxlinux/linux_kernel4.10.04.14.303+7
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linux6f0706ef39fecc6bf56d67728fe0c94e26b43e9d134ae5eba41294eff76e4be20d6001b8f0192207+12
debiandebian/linux< linux 6.1.4-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2022-50740: In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() S2025-12-24
GHSA
GHSA-3fvr-fgq3-468j: In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()2025-12-24
OSV
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()2025-12-24

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel: Denial of Service in ath9k Wi-Fi driver due to URB memory leak2025-12-24
Debian
CVE-2022-50740: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k...2022

🕵️Threat Intelligence

1
Wiz
CVE-2022-50740 Impact, Exploitability, and Mitigation Steps | Wiz