CVE-2022-50735
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/12/2025
Last modified:
24/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: do not run mt76u_status_worker if the device is not running

Fix the following NULL pointer dereference by avoiding running the
mt76u_status_worker thread if the device is not running yet.

KASAN: null-ptr-deref in range
[0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 98 Comm: kworker/u2:2 Not tainted 5.14.0+ #78 Hardware
name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
Workqueue: mt76 mt76u_tx_status_data
RIP: 0010:mt76x02_mac_fill_tx_status.isra.0+0x82c/0x9e0
Code: c5 48 b8 00 00 00 00 00 fc ff df 80 3c 02 00 0f 85 94 01 00 00
48 b8 00 00 00 00 00 fc ff df 4d 8b 34 24 4c 89 f2 48 c1 ea 03
b6
04 02 84 c0 74 08 3c 03 0f 8e 89 01 00 00 41 8b 16 41 0f b7
RSP: 0018:ffffc900005af988 EFLAGS: 00010246
RAX: dffffc0000000000 RBX: ffffc900005afae8 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff832fc661 RDI: ffffc900005afc2a
RBP: ffffc900005afae0 R08: 0000000000000001 R09: fffff520000b5f3c
R10: 0000000000000003 R11: fffff520000b5f3b R12: ffff88810b6132d8
R13: 000000000000ffff R14: 0000000000000000 R15: ffffc900005afc28
FS: 0000000000000000(0000) GS:ffff88811aa00000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa0eda6a000 CR3: 0000000118f17000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
mt76x02_send_tx_status+0x1d2/0xeb0
mt76x02_tx_status_data+0x8e/0xd0
mt76u_tx_status_data+0xe1/0x240
process_one_work+0x92b/0x1460
worker_thread+0x95/0xe00
kthread+0x3a1/0x480
ret_from_fork+0x1f/0x30
Modules linked in:
--[ end trace 8df5d20fc5040f65 ]--

Moreover, move the stat_work schedule out of the for loop.
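
The fix pattern described above, as an added example that is not the mt76 driver's code: a simplified userspace model in which a status worker refuses to run until the device is marked running, and the work is scheduled once after the collection loop. All names (`model_dev`, `rate_table`, `DEV_STATE_RUNNING`, the function names) are hypothetical, and the field that is NULL before start is an assumption, since the record does not say which pointer was dereferenced.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified userspace model; every name here is hypothetical, not mt76 code. */
enum { DEV_STATE_RUNNING = 1u << 0 };
struct rate_table { int retries; };
struct model_dev {
    unsigned state;            /* RUNNING is set only once start has completed */
    struct rate_table *rates;  /* assumed: NULL until the device is started */
    int pending[4];            /* queued TX status reports */
    size_t n_pending;
    int work_scheduled;        /* number of times the status work was queued */
    int processed;
};

/* Status worker: dereferences dev->rates, so it must not run before start.
 * Returns false when it refused to run; queued reports are left untouched. */
bool model_status_worker(struct model_dev *dev)
{
    if (!(dev->state & DEV_STATE_RUNNING))
        return false;          /* guard added by the fix pattern */
    for (size_t i = 0; i < dev->n_pending; i++)
        dev->processed += dev->rates->retries + dev->pending[i];
    dev->n_pending = 0;
    return true;
}

/* Completion path: collect every report, then schedule the work once,
 * after the loop rather than once per iteration. */
void model_tx_status_data(struct model_dev *dev, const int *reports, size_t n)
{
    for (size_t i = 0; i < n && dev->n_pending < 4; i++)
        dev->pending[dev->n_pending++] = reports[i];
    dev->work_scheduled++;
}

int main(void)
{
    struct rate_table rt = { 2 };
    struct model_dev dev = {0};
    const int reports[] = { 1, 2, 3 };       /* constructed sample input */
    model_tx_status_data(&dev, reports, 3);
    bool early = model_status_worker(&dev);  /* not started yet: refused */
    dev.rates = &rt;                         /* "start": initialise first... */
    dev.state |= DEV_STATE_RUNNING;          /* ...then publish RUNNING */
    bool late = model_status_worker(&dev);
    printf("early=%d late=%d processed=%d\n", early, late, dev.processed);
    return 0;
}
```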



