CVE-2022-50186: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability was identified in the ath11k driver where a memory leak occurs due to missing skb drop on htc_tx_completion error. The issue was discovered and documented as CVE-2022-50186. The vulnerability affects the IPQ8074 hardware platform running WLAN.HK.2.5.0.1-01208-QCAHKSWPL_SILICONZ-1 firmware (NVD, Wiz).

The vulnerability stems from a flaw in the htc_tx_completion error handling where the skb (socket buffer) is not properly dropped. When an error occurs during htc_tx_completion, the completion_handler logic expects the skb to be consumed regardless of the error state. The failure to free the skb on error results in a memory leak since the buffer won't be freed elsewhere in the code. The fix involves correctly freeing the packet when eid >= ATH11K_HTC_EP_COUNT before returning (NVD, Wiz).

The primary impact of this vulnerability is a memory leak in the Linux kernel's ath11k driver. Since the socket buffer is not properly freed during error conditions, this can lead to gradual memory consumption over time, potentially affecting system stability and performance (Wiz).

The vulnerability has been resolved in the Linux kernel through a patch that ensures proper freeing of the socket buffer during error conditions in the htc_tx_completion function. The fix specifically addresses the case when eid >= ATH11K_HTC_EP_COUNT (Wiz).