5.5
CVE-2022-49326
- EPSS 0.28%
- Veröffentlicht 26.02.2025 07:01:09
- Zuletzt bearbeitet 01.10.2025 20:16:09
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
rtl818x: Prevent using not initialized queues
In the Linux kernel, the following vulnerability has been resolved: rtl818x: Prevent using not initialized queues Using not existing queues can panic the kernel with rtl8180/rtl8185 cards. Ignore the skb priority for those cards, they only have one tx queue. Pierre Asselin (pa@panix.com) reported the kernel crash in the Gentoo forum: https://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html He also confirmed that this patch fixes the issue. In summary this happened: After updating wpa_supplicant from 2.9 to 2.10 the kernel crashed with a "divide error: 0000" when connecting to an AP. Control port tx now tries to use IEEE80211_AC_VO for the priority, which wpa_supplicants starts to use in 2.10. Since only the rtl8187se part of the driver supports QoS, the priority of the skb is set to IEEE80211_AC_BE (2) by mac80211 for rtl8180/rtl8185 cards. rtl8180 is then unconditionally reading out the priority and finally crashes on drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c line 544 without this patch: idx = (ring->idx + skb_queue_len(&ring->queue)) % ring->entries "ring->entries" is zero for rtl8180/rtl8185 cards, tx_ring[2] never got initialized.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 4.9.318
Linux ≫ Linux Kernel Version >= 4.10 < 4.14.283
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.247
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.198
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.121
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.46
Linux ≫ Linux Kernel Version >= 5.16 < 5.17.14
Linux ≫ Linux Kernel Version >= 5.18 < 5.18.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.196 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
https://git.kernel.org/stable/c/6ad81ad0cf5744738ce94c8e64051ddd80a1734c
https://git.kernel.org/stable/c/746285cf81dc19502ab238249d75f5990bd2d231
https://git.kernel.org/stable/c/769ec2a824deae2f1268dfda14999a4d14d0d0c5
https://git.kernel.org/stable/c/98e55b0b876bde3353f4e074883d66ecb55c65a3
https://git.kernel.org/stable/c/9ad1981fc4de3afb7db3e8eb5a6a52d4c7d0d577
https://git.kernel.org/stable/c/9d5e96cc1f1720019ce27b127a31695148d38bb0
https://git.kernel.org/stable/c/b5dca2cd3f0239512da808598b4e70557eb4c2a1
https://git.kernel.org/stable/c/b8ce58ab80faaea015c206382041ff3bcf5495ff
https://git.kernel.org/stable/c/d7e30dfc166d33470bba31a42f9bbc346e5409d5