{
  "threat_severity" : "Moderate",
  "public_date" : "2025-06-18T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue",
    "id" : "2373419",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2373419"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-772",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nwifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue\nAfter successfull station association, if station queues are disabled for\nsome reason, the related lists are not emptied. So if some new element is\nadded to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old\none and produce a BUG like this:\n[   46.535263] list_add corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1d02d3388).\n[   46.535283] ------------[ cut here ]------------\n[   46.535284] kernel BUG at lib/list_debug.c:26!\n[   46.535290] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[   46.585304] CPU: 0 PID: 623 Comm: wpa_supplicant Not tainted 5.19.0-rc3+ #1\n[   46.592380] Hardware name: Dell Inc. Inspiron 660s/0478VN       , BIOS A07 08/24/2012\n[   46.600336] RIP: 0010:__list_add_valid.cold+0x3d/0x3f\n[   46.605475] Code: f2 4c 89 c1 48 89 fe 48 c7 c7 c8 40 67 93 e8 20 cc fd ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 70 40 67 93 e8 09 cc fd ff <0f> 0b 48 89 fe 48 c7 c7 00 41 67 93 e8 f8 cb fd ff 0f 0b 48 89 d1\n[   46.624469] RSP: 0018:ffffb20800ab76d8 EFLAGS: 00010286\n[   46.629854] RAX: 0000000000000075 RBX: ffff94c1c318a0e0 RCX: 0000000000000000\n[   46.637105] RDX: 0000000000000201 RSI: ffffffff9365e100 RDI: 00000000ffffffff\n[   46.644356] RBP: ffff94c1c5f43370 R08: 0000000000000075 R09: 3064316334396666\n[   46.651607] R10: 3364323064316334 R11: 39666666663d7665 R12: ffff94c1c5f43388\n[   46.658857] R13: ffff94c1d02d3388 R14: ffff94c1c318a360 R15: ffff94c1cf2289c0\n[   46.666108] FS:  00007f65634ff7c0(0000) GS:ffff94c1da200000(0000) knlGS:0000000000000000\n[   46.674331] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[   46.680170] CR2: 00007f7dfe984460 CR3: 000000010e894003 CR4: 00000000000606f0\n[   46.687422] Call Trace:\n[   46.689906]  <TASK>\n[   46.691950]  iwl_mvm_mac_wake_tx_queue+0xec/0x15c [iwlmvm]\n[   46.697601]  ieee80211_queue_skb+0x4b3/0x720 [mac80211]\n[   46.702973]  ? sta_info_get+0x46/0x60 [mac80211]\n[   46.707703]  ieee80211_tx+0xad/0x110 [mac80211]\n[   46.712355]  __ieee80211_tx_skb_tid_band+0x71/0x90 [mac80211]\n...\nIn order to avoid this problem, we must also remove the related lists when\nstation queues are disabled." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-05-16T00:00:00Z",
    "advisory" : "RHSA-2023:2951",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-477.10.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2022-12-06T00:00:00Z",
    "advisory" : "RHSA-2022:8809",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.6",
    "package" : "kernel-0:4.18.0-372.36.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2022-12-06T00:00:00Z",
    "advisory" : "RHSA-2022:8809",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "kernel-0:4.18.0-372.36.1.el8_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50164\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50164\nhttps://lore.kernel.org/linux-cve-announce/2025061826-CVE-2022-50164-878e@gregkh/T" ],
  "name" : "CVE-2022-50164",
  "csaw" : false
}