CVE-2022-50533 PUBLISHED

wifi: mac80211: mlme: fix null-ptr deref on failed assoc

Assigner: Linux
Reserved: 07.10.2025 Published: 07.10.2025 Updated: 07.10.2025

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: mlme: fix null-ptr deref on failed assoc

If association to an AP without a link 0 fails, then we crash in tracing because it assumes that either ap_mld_addr or link 0 BSS is valid, since we clear sdata->vif.valid_links and then don't add the ap_mld_addr to the struct.

Since we clear also sdata->vif.cfg.ap_addr, keep a local copy of it and assign it earlier, before clearing valid_links, to fix this.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 81151ce462e533551f3284bfdb8e0f461c9220e6 to c695dfba8dfb82dc7ace4f22be088916cbf621ca (excl.) affected from 81151ce462e533551f3284bfdb8e0f461c9220e6 to bb7743955a929e44b308cc3f63f8cc03873c1bee (excl.) affected from 81151ce462e533551f3284bfdb8e0f461c9220e6 to 78a6a43aaf87180ec7425a2a90468e1b4d09a1ec (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.0 is affected unaffected from 0 to 6.0 (excl.) unaffected from 6.0.16 to 6.0.* (incl.) unaffected from 6.1.2 to 6.1.* (incl.) unaffected from 6.2 to * (incl.)

CVE-2022-50533 PUBLISHED

wifi: mac80211: mlme: fix null-ptr deref on failed assoc

Product Status

References