CVE-2022-50880 (GCVE-0-2022-50880)
Vulnerability from cvelistv5 – Published: 2025-12-30 12:23 – Updated: 2025-12-30 12:23
VLAI?
Title
wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
When peer delete failed in a disconnect operation, use-after-free
detected by KFENCE in below log. It is because for each vdev_id and
address, it has only one struct ath10k_peer, it is allocated in
ath10k_peer_map_event(). When connected to an AP, it has more than
one HTT_T2H_MSG_TYPE_PEER_MAP reported from firmware, then the
array peer_map of struct ath10k will be set muti-elements to the
same ath10k_peer in ath10k_peer_map_event(). When peer delete failed
in ath10k_sta_state(), the ath10k_peer will be free for the 1st peer
id in array peer_map of struct ath10k, and then use-after-free happened
for the 2nd peer id because they map to the same ath10k_peer.
And clean up all peers in array peer_map for the ath10k_peer, then
user-after-free disappeared
peer map event log:
[ 306.911021] wlan0: authenticate with b0:2a:43:e6:75:0e
[ 306.957187] ath10k_pci 0000:01:00.0: mac vdev 0 peer create b0:2a:43:e6:75:0e (new sta) sta 1 / 32 peer 1 / 33
[ 306.957395] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 246
[ 306.957404] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 198
[ 306.986924] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 166
peer unmap event log:
[ 435.715691] wlan0: deauthenticating from b0:2a:43:e6:75:0e by local choice (Reason: 3=DEAUTH_LEAVING)
[ 435.716802] ath10k_pci 0000:01:00.0: mac vdev 0 peer delete b0:2a:43:e6:75:0e sta ffff990e0e9c2b50 (sta gone)
[ 435.717177] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 246
[ 435.717186] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 198
[ 435.717193] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 166
use-after-free log:
[21705.888627] wlan0: deauthenticating from d0:76:8f:82:be:75 by local choice (Reason: 3=DEAUTH_LEAVING)
[21713.799910] ath10k_pci 0000:01:00.0: failed to delete peer d0:76:8f:82:be:75 for vdev 0: -110
[21713.799925] ath10k_pci 0000:01:00.0: found sta peer d0:76:8f:82:be:75 (ptr 0000000000000000 id 102) entry on vdev 0 after it was supposedly removed
[21713.799968] ==================================================================
[21713.799991] BUG: KFENCE: use-after-free read in ath10k_sta_state+0x265/0xb8a [ath10k_core]
[21713.799991]
[21713.799997] Use-after-free read at 0x00000000abe1c75e (in kfence-#69):
[21713.800010] ath10k_sta_state+0x265/0xb8a [ath10k_core]
[21713.800041] drv_sta_state+0x115/0x677 [mac80211]
[21713.800059] __sta_info_destroy_part2+0xb1/0x133 [mac80211]
[21713.800076] __sta_info_flush+0x11d/0x162 [mac80211]
[21713.800093] ieee80211_set_disassoc+0x12d/0x2f4 [mac80211]
[21713.800110] ieee80211_mgd_deauth+0x26c/0x29b [mac80211]
[21713.800137] cfg80211_mlme_deauth+0x13f/0x1bb [cfg80211]
[21713.800153] nl80211_deauthenticate+0xf8/0x121 [cfg80211]
[21713.800161] genl_rcv_msg+0x38e/0x3be
[21713.800166] netlink_rcv_skb+0x89/0xf7
[21713.800171] genl_rcv+0x28/0x36
[21713.800176] netlink_unicast+0x179/0x24b
[21713.800181] netlink_sendmsg+0x3a0/0x40e
[21713.800187] sock_sendmsg+0x72/0x76
[21713.800192] ____sys_sendmsg+0x16d/0x1e3
[21713.800196] ___sys_sendmsg+0x95/0xd1
[21713.800200] __sys_sendmsg+0x85/0xbf
[21713.800205] do_syscall_64+0x43/0x55
[21713.800210] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[21713.800213]
[21713.800219] kfence-#69: 0x000000009149b0d5-0x000000004c0697fb, size=1064, cache=kmalloc-2k
[21713.800219]
[21713.800224] allocated by task 13 on cpu 0 at 21705.501373s:
[21713.800241] ath10k_peer_map_event+0x7e/0x154 [ath10k_core]
[21713.800254] ath10k_htt_t2h_msg_handler+0x586/0x1039 [ath10k_core]
[21713.800265] ath10k_htt_htc_t2h_msg_handler+0x12/0x28 [ath10k_core]
[21713.800277] ath10k_htc_rx_completion_handler+0x14c/0x1b5 [ath10k_core]
[21713.800283] ath10k_pci_process_rx_cb+0x195/0x1d
---truncated---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d0eeafad118940fe445ca00f45be5624fea2ec34 , < 15604ab67179ae27ea3c7fb24b6df32b143257c4
(git)
Affected: d0eeafad118940fe445ca00f45be5624fea2ec34 , < 2d6259715c9597a6cfa25db8911683eb0073b1c6 (git) Affected: d0eeafad118940fe445ca00f45be5624fea2ec34 , < f12fc305c127bd07bb50373e29c6037696f916a8 (git) Affected: d0eeafad118940fe445ca00f45be5624fea2ec34 , < 4494ec1c0bb850eaa80fed98e5b041d961011d3e (git) Affected: d0eeafad118940fe445ca00f45be5624fea2ec34 , < 08faf07717be0c88b02b5aa45aad2225dfcdd2dc (git) Affected: d0eeafad118940fe445ca00f45be5624fea2ec34 , < 54a3201f3c1ff813523937da78b5fa7649dbab71 (git) Affected: d0eeafad118940fe445ca00f45be5624fea2ec34 , < 2bf916418d2141b810c40812433ab4ecfd3c2934 (git) Affected: d0eeafad118940fe445ca00f45be5624fea2ec34 , < 38245f2d62cd4d1f38a763a7b4045ab4565b30a0 (git) Affected: d0eeafad118940fe445ca00f45be5624fea2ec34 , < f020d9570a04df0762a2ac5c50cf1d8c511c9164 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath10k/mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "15604ab67179ae27ea3c7fb24b6df32b143257c4",
"status": "affected",
"version": "d0eeafad118940fe445ca00f45be5624fea2ec34",
"versionType": "git"
},
{
"lessThan": "2d6259715c9597a6cfa25db8911683eb0073b1c6",
"status": "affected",
"version": "d0eeafad118940fe445ca00f45be5624fea2ec34",
"versionType": "git"
},
{
"lessThan": "f12fc305c127bd07bb50373e29c6037696f916a8",
"status": "affected",
"version": "d0eeafad118940fe445ca00f45be5624fea2ec34",
"versionType": "git"
},
{
"lessThan": "4494ec1c0bb850eaa80fed98e5b041d961011d3e",
"status": "affected",
"version": "d0eeafad118940fe445ca00f45be5624fea2ec34",
"versionType": "git"
},
{
"lessThan": "08faf07717be0c88b02b5aa45aad2225dfcdd2dc",
"status": "affected",
"version": "d0eeafad118940fe445ca00f45be5624fea2ec34",
"versionType": "git"
},
{
"lessThan": "54a3201f3c1ff813523937da78b5fa7649dbab71",
"status": "affected",
"version": "d0eeafad118940fe445ca00f45be5624fea2ec34",
"versionType": "git"
},
{
"lessThan": "2bf916418d2141b810c40812433ab4ecfd3c2934",
"status": "affected",
"version": "d0eeafad118940fe445ca00f45be5624fea2ec34",
"versionType": "git"
},
{
"lessThan": "38245f2d62cd4d1f38a763a7b4045ab4565b30a0",
"status": "affected",
"version": "d0eeafad118940fe445ca00f45be5624fea2ec34",
"versionType": "git"
},
{
"lessThan": "f020d9570a04df0762a2ac5c50cf1d8c511c9164",
"status": "affected",
"version": "d0eeafad118940fe445ca00f45be5624fea2ec34",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath10k/mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.8"
},
{
"lessThan": "4.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.296",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.220",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.19.*",
"status": "unaffected",
"version": "5.19.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.331",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.296",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.262",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.220",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.150",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.75",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19.17",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "4.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()\n\nWhen peer delete failed in a disconnect operation, use-after-free\ndetected by KFENCE in below log. It is because for each vdev_id and\naddress, it has only one struct ath10k_peer, it is allocated in\nath10k_peer_map_event(). When connected to an AP, it has more than\none HTT_T2H_MSG_TYPE_PEER_MAP reported from firmware, then the\narray peer_map of struct ath10k will be set muti-elements to the\nsame ath10k_peer in ath10k_peer_map_event(). When peer delete failed\nin ath10k_sta_state(), the ath10k_peer will be free for the 1st peer\nid in array peer_map of struct ath10k, and then use-after-free happened\nfor the 2nd peer id because they map to the same ath10k_peer.\n\nAnd clean up all peers in array peer_map for the ath10k_peer, then\nuser-after-free disappeared\n\npeer map event log:\n[ 306.911021] wlan0: authenticate with b0:2a:43:e6:75:0e\n[ 306.957187] ath10k_pci 0000:01:00.0: mac vdev 0 peer create b0:2a:43:e6:75:0e (new sta) sta 1 / 32 peer 1 / 33\n[ 306.957395] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 246\n[ 306.957404] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 198\n[ 306.986924] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 166\n\npeer unmap event log:\n[ 435.715691] wlan0: deauthenticating from b0:2a:43:e6:75:0e by local choice (Reason: 3=DEAUTH_LEAVING)\n[ 435.716802] ath10k_pci 0000:01:00.0: mac vdev 0 peer delete b0:2a:43:e6:75:0e sta ffff990e0e9c2b50 (sta gone)\n[ 435.717177] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 246\n[ 435.717186] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 198\n[ 435.717193] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 166\n\nuse-after-free log:\n[21705.888627] wlan0: deauthenticating from d0:76:8f:82:be:75 by local choice (Reason: 3=DEAUTH_LEAVING)\n[21713.799910] ath10k_pci 0000:01:00.0: failed to delete peer d0:76:8f:82:be:75 for vdev 0: -110\n[21713.799925] ath10k_pci 0000:01:00.0: found sta peer d0:76:8f:82:be:75 (ptr 0000000000000000 id 102) entry on vdev 0 after it was supposedly removed\n[21713.799968] ==================================================================\n[21713.799991] BUG: KFENCE: use-after-free read in ath10k_sta_state+0x265/0xb8a [ath10k_core]\n[21713.799991]\n[21713.799997] Use-after-free read at 0x00000000abe1c75e (in kfence-#69):\n[21713.800010] ath10k_sta_state+0x265/0xb8a [ath10k_core]\n[21713.800041] drv_sta_state+0x115/0x677 [mac80211]\n[21713.800059] __sta_info_destroy_part2+0xb1/0x133 [mac80211]\n[21713.800076] __sta_info_flush+0x11d/0x162 [mac80211]\n[21713.800093] ieee80211_set_disassoc+0x12d/0x2f4 [mac80211]\n[21713.800110] ieee80211_mgd_deauth+0x26c/0x29b [mac80211]\n[21713.800137] cfg80211_mlme_deauth+0x13f/0x1bb [cfg80211]\n[21713.800153] nl80211_deauthenticate+0xf8/0x121 [cfg80211]\n[21713.800161] genl_rcv_msg+0x38e/0x3be\n[21713.800166] netlink_rcv_skb+0x89/0xf7\n[21713.800171] genl_rcv+0x28/0x36\n[21713.800176] netlink_unicast+0x179/0x24b\n[21713.800181] netlink_sendmsg+0x3a0/0x40e\n[21713.800187] sock_sendmsg+0x72/0x76\n[21713.800192] ____sys_sendmsg+0x16d/0x1e3\n[21713.800196] ___sys_sendmsg+0x95/0xd1\n[21713.800200] __sys_sendmsg+0x85/0xbf\n[21713.800205] do_syscall_64+0x43/0x55\n[21713.800210] entry_SYSCALL_64_after_hwframe+0x44/0xa9\n[21713.800213]\n[21713.800219] kfence-#69: 0x000000009149b0d5-0x000000004c0697fb, size=1064, cache=kmalloc-2k\n[21713.800219]\n[21713.800224] allocated by task 13 on cpu 0 at 21705.501373s:\n[21713.800241] ath10k_peer_map_event+0x7e/0x154 [ath10k_core]\n[21713.800254] ath10k_htt_t2h_msg_handler+0x586/0x1039 [ath10k_core]\n[21713.800265] ath10k_htt_htc_t2h_msg_handler+0x12/0x28 [ath10k_core]\n[21713.800277] ath10k_htc_rx_completion_handler+0x14c/0x1b5 [ath10k_core]\n[21713.800283] ath10k_pci_process_rx_cb+0x195/0x1d\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T12:23:19.551Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/15604ab67179ae27ea3c7fb24b6df32b143257c4"
},
{
"url": "https://git.kernel.org/stable/c/2d6259715c9597a6cfa25db8911683eb0073b1c6"
},
{
"url": "https://git.kernel.org/stable/c/f12fc305c127bd07bb50373e29c6037696f916a8"
},
{
"url": "https://git.kernel.org/stable/c/4494ec1c0bb850eaa80fed98e5b041d961011d3e"
},
{
"url": "https://git.kernel.org/stable/c/08faf07717be0c88b02b5aa45aad2225dfcdd2dc"
},
{
"url": "https://git.kernel.org/stable/c/54a3201f3c1ff813523937da78b5fa7649dbab71"
},
{
"url": "https://git.kernel.org/stable/c/2bf916418d2141b810c40812433ab4ecfd3c2934"
},
{
"url": "https://git.kernel.org/stable/c/38245f2d62cd4d1f38a763a7b4045ab4565b30a0"
},
{
"url": "https://git.kernel.org/stable/c/f020d9570a04df0762a2ac5c50cf1d8c511c9164"
}
],
"title": "wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50880",
"datePublished": "2025-12-30T12:23:19.551Z",
"dateReserved": "2025-12-30T12:06:07.137Z",
"dateUpdated": "2025-12-30T12:23:19.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-50880\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-30T13:16:03.063\",\"lastModified\":\"2025-12-30T13:16:03.063\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nwifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()\\n\\nWhen peer delete failed in a disconnect operation, use-after-free\\ndetected by KFENCE in below log. It is because for each vdev_id and\\naddress, it has only one struct ath10k_peer, it is allocated in\\nath10k_peer_map_event(). When connected to an AP, it has more than\\none HTT_T2H_MSG_TYPE_PEER_MAP reported from firmware, then the\\narray peer_map of struct ath10k will be set muti-elements to the\\nsame ath10k_peer in ath10k_peer_map_event(). When peer delete failed\\nin ath10k_sta_state(), the ath10k_peer will be free for the 1st peer\\nid in array peer_map of struct ath10k, and then use-after-free happened\\nfor the 2nd peer id because they map to the same ath10k_peer.\\n\\nAnd clean up all peers in array peer_map for the ath10k_peer, then\\nuser-after-free disappeared\\n\\npeer map event log:\\n[ 306.911021] wlan0: authenticate with b0:2a:43:e6:75:0e\\n[ 306.957187] ath10k_pci 0000:01:00.0: mac vdev 0 peer create b0:2a:43:e6:75:0e (new sta) sta 1 / 32 peer 1 / 33\\n[ 306.957395] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 246\\n[ 306.957404] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 198\\n[ 306.986924] ath10k_pci 0000:01:00.0: htt peer map vdev 0 peer b0:2a:43:e6:75:0e id 166\\n\\npeer unmap event log:\\n[ 435.715691] wlan0: deauthenticating from b0:2a:43:e6:75:0e by local choice (Reason: 3=DEAUTH_LEAVING)\\n[ 435.716802] ath10k_pci 0000:01:00.0: mac vdev 0 peer delete b0:2a:43:e6:75:0e sta ffff990e0e9c2b50 (sta gone)\\n[ 435.717177] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 246\\n[ 435.717186] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 198\\n[ 435.717193] ath10k_pci 0000:01:00.0: htt peer unmap vdev 0 peer b0:2a:43:e6:75:0e id 166\\n\\nuse-after-free log:\\n[21705.888627] wlan0: deauthenticating from d0:76:8f:82:be:75 by local choice (Reason: 3=DEAUTH_LEAVING)\\n[21713.799910] ath10k_pci 0000:01:00.0: failed to delete peer d0:76:8f:82:be:75 for vdev 0: -110\\n[21713.799925] ath10k_pci 0000:01:00.0: found sta peer d0:76:8f:82:be:75 (ptr 0000000000000000 id 102) entry on vdev 0 after it was supposedly removed\\n[21713.799968] ==================================================================\\n[21713.799991] BUG: KFENCE: use-after-free read in ath10k_sta_state+0x265/0xb8a [ath10k_core]\\n[21713.799991]\\n[21713.799997] Use-after-free read at 0x00000000abe1c75e (in kfence-#69):\\n[21713.800010] ath10k_sta_state+0x265/0xb8a [ath10k_core]\\n[21713.800041] drv_sta_state+0x115/0x677 [mac80211]\\n[21713.800059] __sta_info_destroy_part2+0xb1/0x133 [mac80211]\\n[21713.800076] __sta_info_flush+0x11d/0x162 [mac80211]\\n[21713.800093] ieee80211_set_disassoc+0x12d/0x2f4 [mac80211]\\n[21713.800110] ieee80211_mgd_deauth+0x26c/0x29b [mac80211]\\n[21713.800137] cfg80211_mlme_deauth+0x13f/0x1bb [cfg80211]\\n[21713.800153] nl80211_deauthenticate+0xf8/0x121 [cfg80211]\\n[21713.800161] genl_rcv_msg+0x38e/0x3be\\n[21713.800166] netlink_rcv_skb+0x89/0xf7\\n[21713.800171] genl_rcv+0x28/0x36\\n[21713.800176] netlink_unicast+0x179/0x24b\\n[21713.800181] netlink_sendmsg+0x3a0/0x40e\\n[21713.800187] sock_sendmsg+0x72/0x76\\n[21713.800192] ____sys_sendmsg+0x16d/0x1e3\\n[21713.800196] ___sys_sendmsg+0x95/0xd1\\n[21713.800200] __sys_sendmsg+0x85/0xbf\\n[21713.800205] do_syscall_64+0x43/0x55\\n[21713.800210] entry_SYSCALL_64_after_hwframe+0x44/0xa9\\n[21713.800213]\\n[21713.800219] kfence-#69: 0x000000009149b0d5-0x000000004c0697fb, size=1064, cache=kmalloc-2k\\n[21713.800219]\\n[21713.800224] allocated by task 13 on cpu 0 at 21705.501373s:\\n[21713.800241] ath10k_peer_map_event+0x7e/0x154 [ath10k_core]\\n[21713.800254] ath10k_htt_t2h_msg_handler+0x586/0x1039 [ath10k_core]\\n[21713.800265] ath10k_htt_htc_t2h_msg_handler+0x12/0x28 [ath10k_core]\\n[21713.800277] ath10k_htc_rx_completion_handler+0x14c/0x1b5 [ath10k_core]\\n[21713.800283] ath10k_pci_process_rx_cb+0x195/0x1d\\n---truncated---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/08faf07717be0c88b02b5aa45aad2225dfcdd2dc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/15604ab67179ae27ea3c7fb24b6df32b143257c4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2bf916418d2141b810c40812433ab4ecfd3c2934\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2d6259715c9597a6cfa25db8911683eb0073b1c6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/38245f2d62cd4d1f38a763a7b4045ab4565b30a0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4494ec1c0bb850eaa80fed98e5b041d961011d3e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/54a3201f3c1ff813523937da78b5fa7649dbab71\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f020d9570a04df0762a2ac5c50cf1d8c511c9164\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/f12fc305c127bd07bb50373e29c6037696f916a8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…