CVE-2022-50533 in Linux
Summary
by MITRE • 10/07/2025
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: mlme: fix null-ptr deref on failed assoc
If association to an AP without a link 0 fails, then we crash in tracing because it assumes that either ap_mld_addr or link 0 BSS is valid, since we clear sdata->vif.valid_links and then don't add the ap_mld_addr to the struct.
Since we clear also sdata->vif.cfg.ap_addr, keep a local copy of it and assign it earlier, before clearing valid_links, to fix this.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 04/19/2026
The vulnerability described in CVE-2022-50533 represents a critical null pointer dereference flaw within the Linux kernel's mac80211 wireless subsystem that specifically affects the management link layer entity (mlme) component. This issue manifests during wireless association processes when attempting to connect to an access point without a valid link 0, creating a scenario where the kernel's tracing mechanisms encounter a null pointer reference that leads to system crashes. The flaw exists in the wireless networking stack's handling of association failures, particularly in how it manages the cleanup and state transitions of wireless virtual interface data structures during failed connection attempts.
The technical root cause of this vulnerability stems from improper state management within the mac80211 subsystem where the kernel clears the sdata->vif.valid_links field before properly handling the cleanup of associated wireless network identifiers. When an association attempt fails, the system attempts to clear the valid_links bitmask and removes the ap_mld_addr from the structure, but fails to preserve crucial address information that subsequent tracing operations require. This creates a race condition or state inconsistency where the tracing subsystem assumes that either the ap_mld_addr or link 0 BSS structure remains valid, leading to direct dereference of null pointers that ultimately result in kernel oops and system instability. The issue is particularly severe because it occurs during normal network operation when wireless devices attempt to establish connections to wireless networks.
The operational impact of this vulnerability extends beyond simple system crashes to potentially enable denial of service attacks against wireless network infrastructure and client devices. When exploited, this vulnerability can cause wireless networking components to become unresponsive, forcing users to disconnect and reconnect to wireless networks repeatedly. The flaw affects any system running a Linux kernel with the mac80211 subsystem that handles wireless association requests, making it particularly concerning for mobile devices, enterprise wireless infrastructure, and any environment where wireless connectivity is critical. The vulnerability's exploitation requires only the ability to trigger a failed wireless association attempt, which can be achieved through various means including network interference, misconfigured access points, or targeted network disruption attacks. This makes it a particularly dangerous flaw that can be leveraged by attackers to disrupt wireless communications in both consumer and enterprise environments.
The mitigation strategy for CVE-2022-50533 involves implementing a code fix that preserves critical wireless network address information before clearing the valid_links field, specifically by maintaining a local copy of the sdata->vif.cfg.ap_addr value and assigning it earlier in the process before the state cleanup operations occur. This approach aligns with the CWE-476 principle of null pointer dereference prevention and follows the ATT&CK framework's mitigation recommendations for kernel-level vulnerabilities. The fix ensures that tracing mechanisms and subsequent operations have access to necessary address information even after the primary state structures have been cleared, preventing the crash condition. System administrators should prioritize applying kernel updates that contain this fix, particularly in environments where wireless connectivity is mission-critical, and monitor for any potential disruptions in wireless network services during the update process. The vulnerability demonstrates the importance of careful state management in kernel space and highlights the need for thorough testing of error conditions in wireless networking subsystems.