CVE-2022-50881Use After Free in Linux

CWE-416Use After Free7 documents6 sources
Severity
7.0HIGH
No vector
EPSS
0.0%
top 92.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedDec 30

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() This patch fixes a use-after-free in ath9k that occurs in ath9k_hif_usb_disconnect() when ath9k_destroy_wmi() is trying to access 'drv_priv' that has already been freed by ieee80211_free_hw(), called by ath9k_htc_hw_deinit(). The patch moves ath9k_destroy_wmi() before ieee80211_free_hw(). Note that urbs from the driver should be killed before freeing 'wmi' with ath9

Affected Packages4 packages

Linuxlinux/linux_kernel5.8.05.10.173+3
Debianlinux/linux_kernel< 5.10.178-1+3
CVEListV5linux/linuxabeaa85054ff8cfe8b99aafc5c70ea067e5d090899ff971b62e5bd5dee65bbe9777375206f5db791+12
debiandebian/linux< linux 6.1.20-1 (bookworm)

🔴Vulnerability Details

3
OSV
wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()2025-12-30
OSV
CVE-2022-50881: In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() This patch fixes a u2025-12-30
GHSA
GHSA-wwq2-v7qh-cg3r: In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() This patch fixes a2025-12-30

📋Vendor Advisories

2
Red Hat
kernel: wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()2025-12-30
Debian
CVE-2022-50881: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k...2022

🕵️Threat Intelligence

1
Wiz
CVE-2022-50881 Impact, Exploitability, and Mitigation Steps | Wiz