fkie_cve-2022-50187
Vulnerability from fkie_nvd
Published
2025-06-18 11:15
Modified
2025-06-18 13:47
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: ath11k: fix netdev open race Make sure to allocate resources needed before registering the device. This specifically avoids having a racing open() trigger a BUG_ON() in mod_timer() when ath11k_mac_op_start() is called before the mon_reap_timer as been set up. I did not see this issue with next-20220310, but I hit it on every probe with next-20220511. Perhaps some timing changed in between. Here's the backtrace: [ 51.346947] kernel BUG at kernel/time/timer.c:990! [ 51.346958] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ... [ 51.578225] Call trace: [ 51.583293] __mod_timer+0x298/0x390 [ 51.589518] mod_timer+0x14/0x20 [ 51.595368] ath11k_mac_op_start+0x41c/0x4a0 [ath11k] [ 51.603165] drv_start+0x38/0x60 [mac80211] [ 51.610110] ieee80211_do_open+0x29c/0x7d0 [mac80211] [ 51.617945] ieee80211_open+0x60/0xb0 [mac80211] [ 51.625311] __dev_open+0x100/0x1c0 [ 51.631420] __dev_change_flags+0x194/0x210 [ 51.638214] dev_change_flags+0x24/0x70 [ 51.644646] do_setlink+0x228/0xdb0 [ 51.650723] __rtnl_newlink+0x460/0x830 [ 51.657162] rtnl_newlink+0x4c/0x80 [ 51.663229] rtnetlink_rcv_msg+0x124/0x390 [ 51.669917] netlink_rcv_skb+0x58/0x130 [ 51.676314] rtnetlink_rcv+0x18/0x30 [ 51.682460] netlink_unicast+0x250/0x310 [ 51.688960] netlink_sendmsg+0x19c/0x3e0 [ 51.695458] ____sys_sendmsg+0x220/0x290 [ 51.701938] ___sys_sendmsg+0x7c/0xc0 [ 51.708148] __sys_sendmsg+0x68/0xd0 [ 51.714254] __arm64_sys_sendmsg+0x28/0x40 [ 51.720900] invoke_syscall+0x48/0x120 Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/307ce58270b3b50ca21cfcc910568429b06803f7
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a2c45f8c3d18269e641f0c7da2dde47ef8414034
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/abb7dc8fbb27c15dcc927df56190f3c5ede58bd5
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d4ba1ff87b17e81686ada8f429300876f55f95ad
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/eaff3946a86fc63280a30158a4ae1e141449817c
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nath11k: fix netdev open race\n\nMake sure to allocate resources needed before registering the device.\n\nThis specifically avoids having a racing open() trigger a BUG_ON() in\nmod_timer() when ath11k_mac_op_start() is called before the\nmon_reap_timer as been set up.\n\nI did not see this issue with next-20220310, but I hit it on every probe\nwith next-20220511. Perhaps some timing changed in between.\n\nHere\u0027s the backtrace:\n\n[   51.346947] kernel BUG at kernel/time/timer.c:990!\n[   51.346958] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP\n...\n[   51.578225] Call trace:\n[   51.583293]  __mod_timer+0x298/0x390\n[   51.589518]  mod_timer+0x14/0x20\n[   51.595368]  ath11k_mac_op_start+0x41c/0x4a0 [ath11k]\n[   51.603165]  drv_start+0x38/0x60 [mac80211]\n[   51.610110]  ieee80211_do_open+0x29c/0x7d0 [mac80211]\n[   51.617945]  ieee80211_open+0x60/0xb0 [mac80211]\n[   51.625311]  __dev_open+0x100/0x1c0\n[   51.631420]  __dev_change_flags+0x194/0x210\n[   51.638214]  dev_change_flags+0x24/0x70\n[   51.644646]  do_setlink+0x228/0xdb0\n[   51.650723]  __rtnl_newlink+0x460/0x830\n[   51.657162]  rtnl_newlink+0x4c/0x80\n[   51.663229]  rtnetlink_rcv_msg+0x124/0x390\n[   51.669917]  netlink_rcv_skb+0x58/0x130\n[   51.676314]  rtnetlink_rcv+0x18/0x30\n[   51.682460]  netlink_unicast+0x250/0x310\n[   51.688960]  netlink_sendmsg+0x19c/0x3e0\n[   51.695458]  ____sys_sendmsg+0x220/0x290\n[   51.701938]  ___sys_sendmsg+0x7c/0xc0\n[   51.708148]  __sys_sendmsg+0x68/0xd0\n[   51.714254]  __arm64_sys_sendmsg+0x28/0x40\n[   51.720900]  invoke_syscall+0x48/0x120\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ath11k: correcci\u00f3n de netdev open race. Aseg\u00farese de asignar los recursos necesarios antes de registrar el dispositivo. Esto evita que un open() de ejecuci\u00f3n active un BUG_ON() en mod_timer() cuando se llama ath11k_mac_op_start() antes de configurar mon_reap_timer. No observ\u00e9 este problema con next-20220310, pero s\u00ed lo encontr\u00e9 en cada sondeo con next-20220511. Quiz\u00e1s se produjo alg\u00fan cambio de sincronizaci\u00f3n entre ambos. Aqu\u00ed est\u00e1 el backtrace: [51.346947] \u00a1ERROR del kernel en kernel/time/timer.c:990! [ 51.346958] Error interno: Ups - ERROR: 0 [#1] PREEMPT SMP ... [ 51.578225] Rastreo de llamadas: [ 51.583293] __mod_timer+0x298/0x390 [ 51.589518] mod_timer+0x14/0x20 [ 51.595368] ath11k_mac_op_start+0x41c/0x4a0 [ath11k] [ 51.603165] drv_start+0x38/0x60 [mac80211] [ 51.610110] ieee80211_do_open+0x29c/0x7d0 [mac80211] [ 51.617945] ieee80211_open+0x60/0xb0 [mac80211] [ 51.625311] __dev_open+0x100/0x1c0 [ 51.631420] __dev_change_flags+0x194/0x210 [ 51.638214] dev_change_flags+0x24/0x70 [ 51.644646] do_setlink+0x228/0xdb0 [ 51.650723] __rtnl_newlink+0x460/0x830 [ 51.657162] rtnl_newlink+0x4c/0x80 [ 51.663229] rtnetlink_rcv_msg+0x124/0x390 [ 51.669917] netlink_rcv_skb+0x58/0x130 [ 51.676314] rtnetlink_rcv+0x18/0x30 [ 51.682460] netlink_unicast+0x250/0x310 [ 51.688960] netlink_sendmsg+0x19c/0x3e0 [ 51.695458] ____sys_sendmsg+0x220/0x290 [ 51.701938] ___sys_sendmsg+0x7c/0xc0 [ 51.708148] __sys_sendmsg+0x68/0xd0 [ 51.714254] __arm64_sys_sendmsg+0x28/0x40 [ 51.720900] invoke_syscall+0x48/0x120 Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3 "
    }
  ],
  "id": "CVE-2022-50187",
  "lastModified": "2025-06-18T13:47:40.833",
  "metrics": {},
  "published": "2025-06-18T11:15:49.267",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/307ce58270b3b50ca21cfcc910568429b06803f7"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a2c45f8c3d18269e641f0c7da2dde47ef8414034"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/abb7dc8fbb27c15dcc927df56190f3c5ede58bd5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d4ba1ff87b17e81686ada8f429300876f55f95ad"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/eaff3946a86fc63280a30158a4ae1e141449817c"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.