CVE-2022-49123

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-49123
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49123.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-49123
Published
2025-02-26T01:55:02Z
Modified
2025-10-21T09:00:09.261552Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
ath11k: Fix frames flush failure caused by deadlock
Details

In the Linux kernel, the following vulnerability has been resolved:

ath11k: Fix frames flush failure caused by deadlock

We are seeing below warnings:

kernel: [25393.301506] ath11k_pci 0000:01:00.0: failed to flush mgmt transmit queue 0
kernel: [25398.421509] ath11k_pci 0000:01:00.0: failed to flush mgmt transmit queue 0
kernel: [25398.421831] ath11k_pci 0000:01:00.0: dropping mgmt frame for vdev 0, is_started 0

This means ath11k fails to flush mgmt. frames because wmi_mgmt_tx_work has no chance to run in 5 seconds.

By setting /proc/sys/kernel/hung_task_timeout_secs to 20 and increasing ATH11K_FLUSH_TIMEOUT to 50 we get below warnings:

kernel: [ 120.763160] INFO: task wpa_supplicant:924 blocked for more than 20 seconds.
kernel: [ 120.763169] Not tainted 5.10.90 #12
kernel: [ 120.763177] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kernel: [ 120.763186] task:wpa_supplicant state:D stack: 0 pid: 924 ppid: 1 flags:0x000043a0
kernel: [ 120.763201] Call Trace:
kernel: [ 120.763214] __schedule+0x785/0x12fa
kernel: [ 120.763224] ? lockdep_hardirqs_on_prepare+0xe2/0x1bb
kernel: [ 120.763242] schedule+0x7e/0xa1
kernel: [ 120.763253] schedule_timeout+0x98/0xfe
kernel: [ 120.763266] ? run_local_timers+0x4a/0x4a
kernel: [ 120.763291] ath11k_mac_flush_tx_complete+0x197/0x2b1 [ath11k 13c3a9bf37790f4ac8103b3decf7ab4008ac314a]
kernel: [ 120.763306] ? init_wait_entry+0x2e/0x2e
kernel: [ 120.763343] __ieee80211_flush_queues+0x167/0x21f [mac80211 335da900954f1c5ea7f1613d92088ce83342042c]
kernel: [ 120.763378] __ieee80211_recalc_idle+0x105/0x125 [mac80211 335da900954f1c5ea7f1613d92088ce83342042c]
kernel: [ 120.763411] ieee80211_recalc_idle+0x14/0x27 [mac80211 335da900954f1c5ea7f1613d92088ce83342042c]
kernel: [ 120.763441] ieee80211_free_chanctx+0x77/0xa2 [mac80211 335da900954f1c5ea7f1613d92088ce83342042c]
kernel: [ 120.763473] __ieee80211_vif_release_channel+0x100/0x131 [mac80211 335da900954f1c5ea7f1613d92088ce83342042c]
kernel: [ 120.763540] ieee80211_vif_release_channel+0x66/0x81 [mac80211 335da900954f1c5ea7f1613d92088ce83342042c]
kernel: [ 120.763572] ieee80211_destroy_auth_data+0xa3/0xe6 [mac80211 335da900954f1c5ea7f1613d92088ce83342042c]
kernel: [ 120.763612] ieee80211_mgd_deauth+0x178/0x29b [mac80211 335da900954f1c5ea7f1613d92088ce83342042c]
kernel: [ 120.763654] cfg80211_mlme_deauth+0x1a8/0x22c [cfg80211 8945aa5bc2af5f6972336665d8ad6f9c191ad5be]
kernel: [ 120.763697] nl80211_deauthenticate+0xfa/0x123 [cfg80211 8945aa5bc2af5f6972336665d8ad6f9c191ad5be]
kernel: [ 120.763715] genl_rcv_msg+0x392/0x3c2
kernel: [ 120.763750] ? nl80211_associate+0x432/0x432 [cfg80211 8945aa5bc2af5f6972336665d8ad6f9c191ad5be]
kernel: [ 120.763782] ? nl80211_associate+0x432/0x432 [cfg80211 8945aa5bc2af5f6972336665d8ad6f9c191ad5be]
kernel: [ 120.763802] ? genl_rcv+0x36/0x36
kernel: [ 120.763814] netlink_rcv_skb+0x89/0xf7
kernel: [ 120.763829] genl_rcv+0x28/0x36
kernel: [ 120.763840] netlink_unicast+0x179/0x24b
kernel: [ 120.763854] netlink_sendmsg+0x393/0x401
kernel: [ 120.763872] sock_sendmsg+0x72/0x76
kernel: [ 120.763886] ____sys_sendmsg+0x170/0x1e6
kernel: [ 120.763897] ? copy_msghdr_from_user+0x7a/0xa2
kernel: [ 120.763914] ___sys_sendmsg+0x95/0xd1
kernel: [ 120.763940] __sys_sendmsg+0x85/0xbf
kernel: [ 120.763956] do_syscall_64+0x43/0x55
kernel: [ 120.763966] entry_SYSCALL_64_after_hwframe+0x44/0xa9
kernel: [ 120.763977] RIP: 0033:0x79089f3fcc83
kernel: [ 120.763986] RSP: 002b:00007ffe604f0508 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
kernel: [ 120.763997] RAX: ffffffffffffffda RBX: 000059b40e987690 RCX: 000079089f3fcc83
kernel: [ 120.764006] RDX: 0000000000000000 RSI: 00007ffe604f0558 RDI: 0000000000000009
kernel: [ 120.764014] RBP: 00007ffe604f0540 R08: 0000000000000004 R09: 0000000000400000
kernel: [ 120.764023] R10: 00007ffe604f0638 R11: 0000000000000246 R12: 000059b40ea04980
kernel: [ 120.764032] R13: 00007ffe604 ---truncated---

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d5c65159f2895379e11ca13f62feabe93278985d
Fixed
33e723dc054edfc94da90eecca3b72cb424ce4a3
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d5c65159f2895379e11ca13f62feabe93278985d
Fixed
261b07519518bd14cb168b287b17e1d195f8d0c8

Affected versions

v5.*

v5.10
v5.10-rc1
v5.10-rc2
v5.10-rc3
v5.10-rc4
v5.10-rc5
v5.10-rc6
v5.10-rc7
v5.11
v5.11-rc1
v5.11-rc2
v5.11-rc3
v5.11-rc4
v5.11-rc5
v5.11-rc6
v5.11-rc7
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.17
v5.17-rc1
v5.17-rc2
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.17-rc7
v5.17-rc8
v5.17.1
v5.17.2
v5.4
v5.4-rc6
v5.4-rc7
v5.4-rc8
v5.5
v5.5-rc1
v5.5-rc2
v5.5-rc3
v5.5-rc4
v5.5-rc5
v5.5-rc6
v5.5-rc7
v5.6
v5.6-rc1
v5.6-rc2
v5.6-rc3
v5.6-rc4
v5.6-rc5
v5.6-rc6
v5.6-rc7
v5.7
v5.7-rc1
v5.7-rc2
v5.7-rc3
v5.7-rc4
v5.7-rc5
v5.7-rc6
v5.7-rc7
v5.8
v5.8-rc1
v5.8-rc2
v5.8-rc3
v5.8-rc4
v5.8-rc5
v5.8-rc6
v5.8-rc7
v5.9
v5.9-rc1
v5.9-rc2
v5.9-rc3
v5.9-rc4
v5.9-rc5
v5.9-rc6
v5.9-rc7
v5.9-rc8

Database specific

vanir_signatures

[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@33e723dc054edfc94da90eecca3b72cb424ce4a3",
        "target": {
            "file": "drivers/net/wireless/ath/ath11k/mac.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-49123-0ad33fc2",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "159275423261889838062956574172509616550",
                "336319888280723005017382015506461479843",
                "290931254744813056586911112174052913244",
                "45024020145578453431566911141144894322"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@261b07519518bd14cb168b287b17e1d195f8d0c8",
        "target": {
            "file": "drivers/net/wireless/ath/ath11k/mac.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-49123-87ab8b84",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "159275423261889838062956574172509616550",
                "336319888280723005017382015506461479843",
                "290931254744813056586911112174052913244",
                "45024020145578453431566911141144894322"
            ]
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@261b07519518bd14cb168b287b17e1d195f8d0c8",
        "target": {
            "function": "ath11k_mac_mgmt_tx",
            "file": "drivers/net/wireless/ath/ath11k/mac.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-49123-cac48658",
        "signature_type": "Function",
        "digest": {
            "length": 691.0,
            "function_hash": "196786783351628869233117703972464996381"
        }
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@33e723dc054edfc94da90eecca3b72cb424ce4a3",
        "target": {
            "function": "ath11k_mac_mgmt_tx",
            "file": "drivers/net/wireless/ath/ath11k/mac.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2022-49123-ff79759f",
        "signature_type": "Function",
        "digest": {
            "length": 691.0,
            "function_hash": "196786783351628869233117703972464996381"
        }
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.6.0
Fixed
5.17.3