Bug 2396119 (CVE-2022-50361) - CVE-2022-50361 kernel: wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init()
Summary: CVE-2022-50361 kernel: wifi: wilc1000: add missing unregister_netdev() in wil...
Keywords:
Status: NEW
Alias: CVE-2022-50361
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-09-17 15:02 UTC by OSIDB Bzimport
Modified: 2025-10-23 09:52 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-09-17 15:02:22 UTC 
In the Linux kernel, the following vulnerability has been resolved:

wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init()

Fault injection test reports this issue:

kernel BUG at net/core/dev.c:10731!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
Call Trace:
  <TASK>
  wilc_netdev_ifc_init+0x19f/0x220 [wilc1000 884bf126e9e98af6a708f266a8dffd53f99e4bf5]
  wilc_cfg80211_init+0x30c/0x380 [wilc1000 884bf126e9e98af6a708f266a8dffd53f99e4bf5]
  wilc_bus_probe+0xad/0x2b0 [wilc1000_spi 1520a7539b6589cc6cde2ae826a523a33f8bacff]
  spi_probe+0xe4/0x140
  really_probe+0x17e/0x3f0
  __driver_probe_device+0xe3/0x170
  driver_probe_device+0x49/0x120

The root case here is alloc_ordered_workqueue() fails, but
cfg80211_unregister_netdevice() or unregister_netdev() not be called in
error handling path. To fix add unregister_netdev goto lable to add the
unregister operation in error handling path.
Comment 1 Keith Grant 2025-09-17 17:40:59 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025091715-CVE-2022-50361-60ad@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.