SB20250619146 - Use-after-free in Linux kernel ath ath9k driver
Published: June 19, 2025 Updated: June 21, 2025
Security Bulletin ID
SB20250619146
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2022-50179)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath9k_htc_probe_device() function in drivers/net/wireless/ath/ath9k/htc_drv_init.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/03ca957c5f7b55660957eda20b5db4110319ac7a
- https://git.kernel.org/stable/c/0ac4827f78c7ffe8eef074bc010e7e34bc22f533
- https://git.kernel.org/stable/c/62bc1ea5c7401d77eaf73d0c6a15f3d2e742856e
- https://git.kernel.org/stable/c/6b14ab47937ba441e75e8dbb9fbfc9c55efa41c6
- https://git.kernel.org/stable/c/ab7a0ddf5f1cdec63cb21840369873806fc36d80
- https://git.kernel.org/stable/c/b66ebac40f64336ae2d053883bee85261060bd27
- https://git.kernel.org/stable/c/e9e21206b8ea62220b486310c61277e7ebfe7cec
- https://git.kernel.org/stable/c/eccd7c3e2596b574241a7670b5b53f5322f470e5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.137