VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 8, 2025· Updated Apr 15, 2026

CVE-2022-50627

CVE-2022-50627

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath11k: fix monitor mode bringup crash

When the interface is brought up in monitor mode, it leads to NULL pointer dereference crash. This crash happens when the packet type is extracted for a SKB. This extraction which is present in the received msdu delivery path,is not needed for the monitor ring packets since they are all RAW packets. Hence appending the flags with "RX_FLAG_ONLY_MONITOR" to skip that extraction.

Observed calltrace:

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000064 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=0000000048517000 [0000000000000064] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP Modules linked in: ath11k_pci ath11k qmi_helpers CPU: 2 PID: 1781 Comm: napi/-271 Not tainted 6.1.0-rc5-wt-ath-656295-gef907406320c-dirty #6 Hardware name: Qualcomm Technologies, Inc. IPQ8074/AP-HK10-C2 (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ath11k_hw_qcn9074_rx_desc_get_decap_type+0x34/0x60 [ath11k] lr : ath11k_hw_qcn9074_rx_desc_get_decap_type+0x5c/0x60 [ath11k] sp : ffff80000ef5bb10 x29: ffff80000ef5bb10 x28: 0000000000000000 x27: ffff000007baafa0 x26: ffff000014a91ed0 x25: 0000000000000000 x24: 0000000000000000 x23: ffff800002b77378 x22: ffff000014a91ec0 x21: ffff000006c8d600 x20: 0000000000000000 x19: ffff800002b77740 x18: 0000000000000006 x17: 736564203634343a x16: 656e694c20657079 x15: 0000000000000143 x14: 00000000ffffffea x13: ffff80000ef5b8b8 x12: ffff80000ef5b8c8 x11: ffff80000a591d30 x10: ffff80000a579d40 x9 : c0000000ffffefff x8 : 0000000000000003 x7 : 0000000000017fe8 x6 : ffff80000a579ce8 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 3a35ec12ed7f8900 x1 : 0000000000000000 x0 : 0000000000000052 Call trace: ath11k_hw_qcn9074_rx_desc_get_decap_type+0x34/0x60 [ath11k] ath11k_dp_rx_deliver_msdu.isra.42+0xa4/0x3d0 [ath11k] ath11k_dp_rx_mon_deliver.isra.43+0x2f8/0x458 [ath11k] ath11k_dp_rx_process_mon_rings+0x310/0x4c0 [ath11k] ath11k_dp_service_srng+0x234/0x338 [ath11k] ath11k_pcic_ext_grp_napi_poll+0x30/0xb8 [ath11k] __napi_poll+0x5c/0x190 napi_threaded_poll+0xf0/0x118 kthread+0xf4/0x110 ret_from_fork+0x10/0x20

Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A monitor mode bringup crash in ath11k driver due to NULL pointer dereference when extracting packet type from SKB.

Vulnerability

Overview

CVE-2022-50627 is a NULL pointer dereference vulnerability in the Linux kernel's ath11k wireless driver. When a network interface is brought up in monitor mode, a crash occurs in the received MSDU delivery path because the driver attempts to extract the decapsulation type from an SKB that does not have the expected metadata. This extraction is unnecessary for monitor ring packets, which are all raw packets. The fix adds the RX_FLAG_ONLY_MONITOR flag to skip the decap type extraction for monitor-mode packets [1][2].

Exploitation

Scenario

An attacker with local access to the system and the ability to bring up a wireless interface in monitor mode (e.g., via iw or ip commands) can trigger the crash. The vulnerability does not require any special privileges beyond those needed to control network interfaces; however, unprivileged users may not be able to enable monitor mode depending on system policy. The crash results in a kernel panic and denial of service.

Impact

The vulnerability leads to a system crash (Oops) with a potential denial of service. An attacker could repeatedly trigger the crash to disrupt affected systems. The CVSS score is not provided in the description, but given the local nature and DoS impact, the severity is moderate.

Mitigation

The fix has been applied to the stable kernel trees via commits [1] and [2]. Users should update to a patched kernel version (e.g., 6.1.x or later) that includes the changes. As of publication, no workarounds other than avoiding monitor mode on affected hardware have been suggested.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

3
d6ea1ca1d456
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
9089c3080a98
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
950b43f8bd8a
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.