{"id":"CVE-2022-50627","summary":"wifi: ath11k: fix monitor mode bringup crash","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix monitor mode bringup crash\n\nWhen the interface is brought up in monitor mode, it leads\nto NULL pointer dereference crash. This crash happens when\nthe packet type is extracted for a SKB. This extraction\nwhich is present in the received msdu delivery path, is\nnot needed for the monitor ring packets since they are\nall RAW packets. Hence appending the flags with\n\"RX_FLAG_ONLY_MONITOR\" to skip that extraction.\n\nObserved calltrace:\n\nUnable to handle kernel NULL pointer dereference at virtual address\n0000000000000064\nMem abort info:\n  ESR = 0x0000000096000004\n  EC = 0x25: DABT (current EL), IL = 32 bits\n  SET = 0, FnV = 0\n  EA = 0, S1PTW = 0\n  FSC = 0x04: level 0 translation fault\nData abort info:\n  ISV = 0, ISS = 0x00000004\n  CM = 0, WnR = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=0000000048517000\n[0000000000000064] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 0000000096000004 [#1] PREEMPT SMP\nModules linked in: ath11k_pci ath11k qmi_helpers\nCPU: 2 PID: 1781 Comm: napi/-271 Not tainted\n6.1.0-rc5-wt-ath-656295-gef907406320c-dirty #6\nHardware name: Qualcomm Technologies, Inc. 
IPQ8074/AP-HK10-C2 (DT)\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : ath11k_hw_qcn9074_rx_desc_get_decap_type+0x34/0x60 [ath11k]\nlr : ath11k_hw_qcn9074_rx_desc_get_decap_type+0x5c/0x60 [ath11k]\nsp : ffff80000ef5bb10\nx29: ffff80000ef5bb10 x28: 0000000000000000 x27: ffff000007baafa0\nx26: ffff000014a91ed0 x25: 0000000000000000 x24: 0000000000000000\nx23: ffff800002b77378 x22: ffff000014a91ec0 x21: ffff000006c8d600\nx20: 0000000000000000 x19: ffff800002b77740 x18: 0000000000000006\nx17: 736564203634343a x16: 656e694c20657079 x15: 0000000000000143\nx14: 00000000ffffffea x13: ffff80000ef5b8b8 x12: ffff80000ef5b8c8\nx11: ffff80000a591d30 x10: ffff80000a579d40 x9 : c0000000ffffefff\nx8 : 0000000000000003 x7 : 0000000000017fe8 x6 : ffff80000a579ce8\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : 3a35ec12ed7f8900 x1 : 0000000000000000 x0 : 0000000000000052\nCall trace:\n ath11k_hw_qcn9074_rx_desc_get_decap_type+0x34/0x60 [ath11k]\n ath11k_dp_rx_deliver_msdu.isra.42+0xa4/0x3d0 [ath11k]\n ath11k_dp_rx_mon_deliver.isra.43+0x2f8/0x458 [ath11k]\n ath11k_dp_rx_process_mon_rings+0x310/0x4c0 [ath11k]\n ath11k_dp_service_srng+0x234/0x338 [ath11k]\n ath11k_pcic_ext_grp_napi_poll+0x30/0xb8 [ath11k]\n __napi_poll+0x5c/0x190\n napi_threaded_poll+0xf0/0x118\n kthread+0xf4/0x110\n ret_from_fork+0x10/0x20\n\nTested-on: QCN9074 hw1.0 PCI 
WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1","modified":"2026-03-20T12:22:36.405960Z","published":"2025-12-08T01:16:42.095Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50627.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/9089c3080a98f1452335e08b8014a28003a211ce"},{"type":"WEB","url":"https://git.kernel.org/stable/c/950b43f8bd8a4d476d2da6d2a083a89bcd3c90d7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d6ea1ca1d456bb661e5a9d104e69d2c261161115"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50627.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50627"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d5c65159f2895379e11ca13f62feabe93278985d"},{"fixed":"d6ea1ca1d456bb661e5a9d104e69d2c261161115"},{"fixed":"9089c3080a98f1452335e08b8014a28003a211ce"},{"fixed":"950b43f8bd8a4d476d2da6d2a083a89bcd3c90d7"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50627.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.6.0"},{"fixed":"6.1.16"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.2.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50627.json"}}],"schema_version":"1.7.5"}