CVE-2022-50187
📋 TL;DR
A race condition vulnerability in the Linux kernel's ath11k wireless driver allows a local attacker to trigger a kernel panic (denial of service) by exploiting timing issues during network device initialization. This affects systems using Qualcomm Atheros 802.11ax wireless chipsets with vulnerable kernel versions. The vulnerability requires local access to trigger.
💻 Affected Systems
- Linux kernel with ath11k wireless driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot.
Likely Case
System crash when wireless interface is brought up, causing temporary service disruption until reboot.
If Mitigated
No impact if patched or if vulnerable driver not loaded.
🎯 Exploit Status
Exploitation requires precise timing to trigger race condition during device initialization. No known public exploits.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in kernel commits: 307ce58270b3b50ca21cfcc910568429b06803f7 and related backports
Vendor Advisory: https://git.kernel.org/stable/c/307ce58270b3b50ca21cfcc910568429b06803f7
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing fix.
2. For distributions: Use package manager (apt/yum/dnf) to install latest kernel.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable ath11k driver
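Prevent loading of the vulnerable driver if wireless functionality is not required
# blacklist only blocks alias-based autoloading; ath11k is pulled in as a dependency of its bus modules, so block those too
echo 'blacklist ath11k' >> /etc/modprobe.d/blacklist-ath11k.conf
echo 'blacklist ath11k_pci' >> /etc/modprobe.d/blacklist-ath11k.conf
echo 'blacklist ath11k_ahb' >> /etc/modprobe.d/blacklist-ath11k.conf
update-initramfs -u   # Debian/Ubuntu tool for rebuilding the initramfs
reboot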
Delay network interface startup
Add a delay to reduce the probability of hitting the race condition
Add 'sleep 2' in network startup scripts before bringing up wireless interfaces
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable wireless hardware
- Monitor for kernel panic events and implement automatic recovery procedures
🔍 How to Verify
Check if Vulnerable:
Check whether the ath11k module is loaded (lsmod | grep ath11k) and compare the running kernel version against the patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commit: grep -r '307ce58270b3b50ca21cfcc910568429b06803f7' /usr/src/linux-headers-*
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages with 'ath11k_mac_op_start' in backtrace
- BUG: Oops messages referencing timer.c:990
- System crash/reboot events
Network Indicators:
- Sudden loss of wireless connectivity followed by system reboot
SIEM Query:
event_type:"kernel" AND message:"ath11k" AND (message:"BUG" OR message:"Oops" OR message:"panic")
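Added example (not part of the original advisory): in a raw kernel log the BUG line and the ath11k_mac_op_start backtrace frame arrive as separate lines, so this script groups each crash report and checks the log indicators above inside that block; a per-line version of the SIEM query is included for comparison. The function names and the sample log are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads kernel log text on stdin, e.g. `journalctl -k -b -1`.

# Report each crash block whose backtrace contains ath11k_mac_op_start.
ath11k_oops_scan() {
    awk '
    function report() {
        if (open && frame)
            printf "oops@line %d ath11k_mac_op_start=yes timer.c:990=%s\n", start, (timer ? "yes" : "no")
        open = 0; frame = 0; timer = 0
    }
    # The first crash line opens a block; later lines belong to it.
    /kernel BUG at|BUG:|Oops|Kernel panic/ { if (!open) { open = 1; start = NR } }
    open && /timer\.c:990/        { timer = 1 }
    open && /ath11k_mac_op_start/ { frame = 1 }
    # The kernel ends each report with an "end trace" marker.
    open && /---\[ end trace/     { report() }
    END { report() }
    '
}

# Per-line version of the SIEM query above, for comparison: counts single
# lines that mention ath11k together with BUG, Oops or panic.
naive_line_hits() {
    awk '/ath11k/ && /BUG|Oops|panic/ { n++ } END { print n + 0 }'
}

# Constructed sample log (not captured from a real system).
sample_log() {
    cat <<'EOF'
[   12.001] ath11k_pci 0000:01:00.0: fw_version 0x0 (constructed)
[   66.126] kernel BUG at kernel/time/timer.c:990!
[   66.127] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[   66.130] Call trace:
[   66.131]  add_timer+0x0/0x0
[   66.132]  ath11k_mac_op_start+0x0/0x0 [ath11k]
[   66.140] ---[ end trace 0000000000000000 ]---
[   90.500] BUG: unable to handle page fault (constructed, unrelated)
[   90.501] Oops: 0000 [#2] SMP
[   90.502]  some_other_driver_fn+0x0/0x0
[   90.503] ---[ end trace 0000000000000000 ]---
EOF
}

sample_log | ath11k_oops_scan
```

If the log pipeline ingests one event per line, the per-line query finds nothing in this sample, so the SIEM rule needs the whole crash report in one message or a correlation step like the one shown.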
🔗 References
- https://git.kernel.org/stable/c/307ce58270b3b50ca21cfcc910568429b06803f7
- https://git.kernel.org/stable/c/a2c45f8c3d18269e641f0c7da2dde47ef8414034
- https://git.kernel.org/stable/c/abb7dc8fbb27c15dcc927df56190f3c5ede58bd5
- https://git.kernel.org/stable/c/d4ba1ff87b17e81686ada8f429300876f55f95ad
- https://git.kernel.org/stable/c/eaff3946a86fc63280a30158a4ae1e141449817c