CVE-2022-49326: rtl818x: Prevent using not initialized queues
First published: Wed Feb 26 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: rtl818x: Prevent using not initialized queues Using not existing queues can panic the kernel with rtl8180/rtl8185 cards. Ignore the skb priority for those cards, they only have one tx queue. Pierre Asselin (pa@panix.com) reported the kernel crash in the Gentoo forum: https://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html He also confirmed that this patch fixes the issue. In summary this happened: After updating wpa_supplicant from 2.9 to 2.10 the kernel crashed with a "divide error: 0000" when connecting to an AP. Control port tx now tries to use IEEE80211_AC_VO for the priority, which wpa_supplicants starts to use in 2.10. Since only the rtl8187se part of the driver supports QoS, the priority of the skb is set to IEEE80211_AC_BE (2) by mac80211 for rtl8180/rtl8185 cards. rtl8180 is then unconditionally reading out the priority and finally crashes on drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c line 544 without this patch: idx = (ring->idx + skb_queue_len(&ring->queue)) % ring->entries "ring->entries" is zero for rtl8180/rtl8185 cards, tx_ring[2] never got initialized.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| wpa_supplicant | >2.9<=2.10 | |
| Linux Kernel | <4.9.318 | |
| Linux Kernel | >=4.10<4.14.283 | |
| Linux Kernel | >=4.15<4.19.247 | |
| Linux Kernel | >=4.20<5.4.198 | |
| Linux Kernel | >=5.5<5.10.121 | |
| Linux Kernel | >=5.11<5.15.46 | |
| Linux Kernel | >=5.16<5.17.14 | |
| Linux Kernel | >=5.18<5.18.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/b5dca2cd3f0239512da808598b4e70557eb4c2a1
- https://git.kernel.org/stable/c/d7e30dfc166d33470bba31a42f9bbc346e5409d5
- https://git.kernel.org/stable/c/9d5e96cc1f1720019ce27b127a31695148d38bb0
- https://git.kernel.org/stable/c/b8ce58ab80faaea015c206382041ff3bcf5495ff
- https://git.kernel.org/stable/c/769ec2a824deae2f1268dfda14999a4d14d0d0c5
- https://git.kernel.org/stable/c/6ad81ad0cf5744738ce94c8e64051ddd80a1734c
- https://git.kernel.org/stable/c/9ad1981fc4de3afb7db3e8eb5a6a52d4c7d0d577
- https://git.kernel.org/stable/c/98e55b0b876bde3353f4e074883d66ecb55c65a3
- https://git.kernel.org/stable/c/746285cf81dc19502ab238249d75f5990bd2d231
Frequently Asked Questions
What is the severity of CVE-2022-49326?
CVE-2022-49326 is rated as a moderate severity vulnerability in the Linux kernel.
How do I fix CVE-2022-49326?
To address CVE-2022-49326, update the Linux kernel to a patched version that resolves the issue.
Which systems are affected by CVE-2022-49326?
CVE-2022-49326 affects specific versions of the Linux kernel and wpa_supplicant, particularly those associated with rtl8180/rtl8185 cards.
What type of vulnerability is CVE-2022-49326?
CVE-2022-49326 is a kernel panic vulnerability that can occur when uninitialized queues are utilized.
Is there a workaround for CVE-2022-49326?
No formal workaround is recommended for CVE-2022-49326; the best course of action is to apply the available kernel updates.
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/type
- agent/title
- agent/references
- agent/source
- agent/author
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/event
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup-request
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/5.18
- vendor/wpa_supplicant
- canonical/wpa_supplicant