CVE-2022-50709
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()

syzbot is reporting an uninit value at ath9k_htc_rx_msg() [1], for ioctl(USB_RAW_IOCTL_EP_WRITE) can call ath9k_hif_usb_rx_stream() with pkt_len = 0, but ath9k_hif_usb_rx_stream() uses __dev_alloc_skb(pkt_len + 32, GFP_ATOMIC) based on an assumption that pkt_len is valid. As a result, ath9k_hif_usb_rx_stream() allocates an skb with uninitialized memory and ath9k_htc_rx_msg() reads from uninitialized memory.

Since the bytes accessed by ath9k_htc_rx_msg() are not known until ath9k_htc_rx_msg() is called, it would be difficult to check the minimal valid pkt_len at the "if (pkt_len > 2 * MAX_RX_BUF_SIZE) {" line in ath9k_hif_usb_rx_stream(). We have two choices. One is to work around it by adding __GFP_ZERO so that ath9k_htc_rx_msg() sees 0 if pkt_len is invalid. The other is to let ath9k_htc_rx_msg() validate pkt_len before accessing. This patch chose the latter.

Note that I'm not sure the threshold condition is correct, for I can't find details on the possible packet length used by this protocol.
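The description above sets out the chain: the stream handler sizes an skb from an attacker-controlled pkt_len, never writes the trailing slack, and the message parser then reads header bytes that were never initialized. The following is an added example that is not code from the kernel or the ath9k driver; the header layout (demo_htc_hdr), the function names and the 0xAA poison pattern are constructed for illustration, and the fixed variant simply demonstrates the approach the commit message chose (validate the length in the consumer before touching header fields).

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed header layout for this example only; it is NOT the real
 * ath9k HTC frame header, whose exact fields the advisory does not give. */
struct demo_htc_hdr {
    uint8_t  endpoint_id;
    uint8_t  flags;
    uint16_t payload_len;          /* bytes following the header */
};

/* Minimal stand-in for an skb: a buffer plus the length the producer claims. */
struct demo_skb {
    uint8_t *data;
    size_t   len;
};

#define DEMO_SLACK  32             /* the "+ 32" in __dev_alloc_skb(pkt_len + 32, ...) */
#define DEMO_POISON 0xAA           /* stands in for whatever the allocator left behind */

/* Mirrors the reported allocation pattern: size the buffer from pkt_len and
 * copy pkt_len bytes in. The DEMO_SLACK tail is never written, so with
 * pkt_len == 0 the skb holds nothing but leftover allocator contents. */
struct demo_skb *demo_rx_stream(const uint8_t *stream, size_t pkt_len)
{
    struct demo_skb *skb = malloc(sizeof(*skb));
    if (!skb)
        return NULL;
    skb->data = malloc(pkt_len + DEMO_SLACK);
    if (!skb->data) {
        free(skb);
        return NULL;
    }
    /* Deterministic poison so the uninitialized read is observable in tests. */
    memset(skb->data, DEMO_POISON, pkt_len + DEMO_SLACK);
    memcpy(skb->data, stream, pkt_len);
    skb->len = pkt_len;
    return skb;
}

void demo_skb_free(struct demo_skb *skb)
{
    if (!skb)
        return;
    free(skb->data);
    free(skb);
}

/* Builds a frame in host byte order (constructed test input); returns its length. */
size_t demo_make_frame(uint8_t *buf, uint8_t ep, uint16_t payload_len,
                       const uint8_t *payload, size_t payload_bytes)
{
    struct demo_htc_hdr hdr = { ep, 0, payload_len };
    memcpy(buf, &hdr, sizeof(hdr));
    memcpy(buf + sizeof(hdr), payload, payload_bytes);
    return sizeof(hdr) + payload_bytes;
}

/* The defect: the consumer assumes a header is present and reads it from the
 * buffer regardless of skb->len, so an empty frame yields poison bytes. */
int demo_rx_msg_unchecked(const struct demo_skb *skb, struct demo_htc_hdr *out)
{
    memcpy(out, skb->data, sizeof(*out));
    return 0;
}

/* The approach the commit chose: validate the length before touching any
 * header field, and reject frames whose declared payload exceeds what was
 * actually received. Returns 0 on success, -1 on a malformed frame. */
int demo_rx_msg_checked(const struct demo_skb *skb, struct demo_htc_hdr *out)
{
    if (skb->len < sizeof(struct demo_htc_hdr))
        return -1;
    memcpy(out, skb->data, sizeof(*out));
    if (out->payload_len > skb->len - sizeof(struct demo_htc_hdr))
        return -1;
    return 0;
}

int main(void)
{
    struct demo_htc_hdr h;
    uint8_t payload[2] = { 0xDE, 0xAD }, frame[16];

    struct demo_skb *empty = demo_rx_stream(frame, 0);          /* pkt_len == 0 */
    demo_rx_msg_unchecked(empty, &h);
    printf("unchecked endpoint_id on empty frame: 0x%02X\n", h.endpoint_id);
    printf("checked on empty frame: %d\n", demo_rx_msg_checked(empty, &h));
    demo_skb_free(empty);

    size_t n = demo_make_frame(frame, 1, 2, payload, sizeof(payload));
    struct demo_skb *ok = demo_rx_stream(frame, n);
    printf("checked on valid frame: %d (ep %u)\n", demo_rx_msg_checked(ok, &h), h.endpoint_id);
    demo_skb_free(ok);
    return 0;
}
```

The unchecked variant stays memory-safe only because of the 32-byte slack, which is exactly why sanitizers report an uninitialized read rather than an overflow; the checked variant makes the consumer's own requirement (a whole header, plus a payload that fits) explicit instead of inferring it at the allocation site.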
Affected versions
Linux kernel versions 2.6.35 and later are affected. Fixed in 4.14.296, 4.19.262, 5.4.220, 5.10.150, 5.15.75, 5.19.17, 6.0.3, 6.1 and their respective stable series.
References
The following references provide additional information about CVE-2022-50709 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
- Patch (kernel patch commit): https://git.kernel.org/stable/c/0d2649b288b7b9484e3d4380c0d6c4720a17e473
- Patch (kernel patch commit): https://git.kernel.org/stable/c/2c485f4f2a64258acc5228e78ffb828c68d9e770
- Patch (kernel patch commit): https://git.kernel.org/stable/c/4891a50f5ed8bfcb8f2a4b816b0676f398687783
Frequently asked questions
-
What is CVE-2022-50709?
CVE-2022-50709 is a Linux kernel vulnerability with no severity score assigned. It affects Linux kernel versions from 2.6.35 onward and has been patched in 4.14.296, 4.19.262, 5.4.220 and others. CVE-2022-50709 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2022-50709?
Yes — CVE-2022-50709 has been patched. Fixed versions include 4.14.296, 4.19.262, 5.4.220 and others. If you are running Linux kernel 2.6.35 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2022-50709 actively exploited?
No — CVE-2022-50709 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.