SB20251230177 - Use-after-free in Linux kernel ath ath10k driver
Published: December 30, 2025 Updated: December 31, 2025
Security Bulletin ID
SB20251230177
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use-after-free (CVE-ID: CVE-2022-50880)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath10k_peer_delete(), ath10k_peer_cleanup() and ath10k_sta_state() functions in drivers/net/wireless/ath/ath10k/mac.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/08faf07717be0c88b02b5aa45aad2225dfcdd2dc
- https://git.kernel.org/stable/c/15604ab67179ae27ea3c7fb24b6df32b143257c4
- https://git.kernel.org/stable/c/2bf916418d2141b810c40812433ab4ecfd3c2934
- https://git.kernel.org/stable/c/2d6259715c9597a6cfa25db8911683eb0073b1c6
- https://git.kernel.org/stable/c/38245f2d62cd4d1f38a763a7b4045ab4565b30a0
- https://git.kernel.org/stable/c/4494ec1c0bb850eaa80fed98e5b041d961011d3e
- https://git.kernel.org/stable/c/54a3201f3c1ff813523937da78b5fa7649dbab71
- https://git.kernel.org/stable/c/f020d9570a04df0762a2ac5c50cf1d8c511c9164
- https://git.kernel.org/stable/c/f12fc305c127bd07bb50373e29c6037696f916a8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.262