lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <2025061831-CVE-2022-50178-52a0@gregkh>
Date: Wed, 18 Jun 2025 13:04:03 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2022-50178: wifi: rtw89: 8852a: rfk: fix div 0 exception

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw89: 8852a: rfk: fix div 0 exception

The DPK is a kind of RF calibration whose algorithm is to fine tune
parameters and calibrate, and check the result. If the result isn't good
enough, it could adjust parameters and try again.

This issue is to read and show the result, but it could be a negative
calibration result that causes divisor 0 and core dump. So, fix it by
phy_div() that does division only if divisor isn't zero; otherwise,
zero is adopted.

  divide error: 0000 [#1] PREEMPT SMP NOPTI
  CPU: 1 PID: 728 Comm: wpa_supplicant Not tainted 5.10.114-16019-g462a1661811a #1 <HASH:d024 28>
  RIP: 0010:rtw8852a_dpk+0x14ae/0x288f [rtw89_core]
  RSP: 0018:ffffa9bb412a7520 EFLAGS: 00010246
  RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
  RDX: 0000000000000000 RSI: 00000000000180fc RDI: ffffa141d01023c0
  RBP: ffffa9bb412a76a0 R08: 0000000000001319 R09: 00000000ffffff92
  R10: ffffffffc0292de3 R11: ffffffffc00d2f51 R12: 0000000000000000
  R13: ffffa141d01023c0 R14: ffffffffc0290250 R15: ffffa141d0102638
  FS:  00007fa99f5c2740(0000) GS:ffffa142e5e80000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000013e8e010 CR3: 0000000110d2c000 CR4: 0000000000750ee0
  PKRU: 55555554
  Call Trace:
   rtw89_core_sta_add+0x95/0x9c [rtw89_core <HASH:d239 29>]
   rtw89_ops_sta_state+0x5d/0x108 [rtw89_core <HASH:d239 29>]
   drv_sta_state+0x115/0x66f [mac80211 <HASH:81fe 30>]
   sta_info_insert_rcu+0x45c/0x713 [mac80211 <HASH:81fe 30>]
   sta_info_insert+0xf/0x1b [mac80211 <HASH:81fe 30>]
   ieee80211_prep_connection+0x9d6/0xb0c [mac80211 <HASH:81fe 30>]
   ieee80211_mgd_auth+0x2aa/0x352 [mac80211 <HASH:81fe 30>]
   cfg80211_mlme_auth+0x160/0x1f6 [cfg80211 <HASH:00cd 31>]
   nl80211_authenticate+0x2e5/0x306 [cfg80211 <HASH:00cd 31>]
   genl_rcv_msg+0x371/0x3a1
   ? nl80211_stop_sched_scan+0xe5/0xe5 [cfg80211 <HASH:00cd 31>]
   ? genl_rcv+0x36/0x36
   netlink_rcv_skb+0x8a/0xf9
   genl_rcv+0x28/0x36
   netlink_unicast+0x27b/0x3a0
   netlink_sendmsg+0x2aa/0x469
   sock_sendmsg_nosec+0x49/0x4d
   ____sys_sendmsg+0xe5/0x213
   __sys_sendmsg+0xec/0x157
   ? syscall_enter_from_user_mode+0xd7/0x116
   do_syscall_64+0x43/0x55
   entry_SYSCALL_64_after_hwframe+0x44/0xa9
  RIP: 0033:0x7fa99f6e689b

The Linux kernel CVE team has assigned CVE-2022-50178 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 5.16 with commit e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd and fixed in 5.18.18 with commit 065e83ac83c0c0e615b96947145c85c4bd76c09a
	Issue introduced in 5.16 with commit e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd and fixed in 5.19.2 with commit 5abc81a138f873ab55223ec674afc3a3f945d60f
	Issue introduced in 5.16 with commit e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd and fixed in 6.0 with commit 683a4647a7a3044868cfdc14c117525091b9fa0c

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-50178
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/net/wireless/realtek/rtw89/rtw8852a_rfk.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/065e83ac83c0c0e615b96947145c85c4bd76c09a
	https://git.kernel.org/stable/c/5abc81a138f873ab55223ec674afc3a3f945d60f
	https://git.kernel.org/stable/c/683a4647a7a3044868cfdc14c117525091b9fa0c

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ