{"id":"CVE-2022-49326","summary":"rtl818x: Prevent using not initialized queues","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nrtl818x: Prevent using not initialized queues\n\nUsing not existing queues can panic the kernel with rtl8180/rtl8185 cards.\nIgnore the skb priority for those cards, they only have one tx queue. Pierre\nAsselin (pa@panix.com) reported the kernel crash in the Gentoo forum:\n\nhttps://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html\n\nHe also confirmed that this patch fixes the issue. In summary this happened:\n\nAfter updating wpa_supplicant from 2.9 to 2.10 the kernel crashed with a\n\"divide error: 0000\" when connecting to an AP. Control port tx now tries to\nuse IEEE80211_AC_VO for the priority, which wpa_supplicants starts to use in\n2.10.\n\nSince only the rtl8187se part of the driver supports QoS, the priority\nof the skb is set to IEEE80211_AC_BE (2) by mac80211 for rtl8180/rtl8185\ncards.\n\nrtl8180 is then unconditionally reading out the priority and finally crashes on\ndrivers/net/wireless/realtek/rtl818x/rtl8180/dev.c line 544 without this\npatch:\n\tidx = (ring-\u003eidx + skb_queue_len(&ring-\u003equeue)) % ring-\u003eentries\n\n\"ring-\u003eentries\" is zero for rtl8180/rtl8185 cards, tx_ring[2] never got\ninitialized.","modified":"2026-04-02T08:27:30.035567Z","published":"2025-02-26T02:10:48.630Z","related":["SUSE-SU-2025:01983-1","SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1194-1","SUSE-SU-2025:1241-1","SUSE-SU-2025:1263-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49326.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/6ad81ad0cf5744738ce94c8e64051ddd80a1734c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/746285cf81dc19502ab238249d75f5990bd2d231"},{"type":"WEB","url":"https://git.kernel.org/stable/c/769ec2a824deae2f1268dfda14999a4d14d0d0c5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/98e55b0b876bde3353f4e074883d66ecb55c65a3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9ad1981fc4de3afb7db3e8eb5a6a52d4c7d0d577"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9d5e96cc1f1720019ce27b127a31695148d38bb0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b5dca2cd3f0239512da808598b4e70557eb4c2a1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b8ce58ab80faaea015c206382041ff3bcf5495ff"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d7e30dfc166d33470bba31a42f9bbc346e5409d5"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49326.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49326"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fd6564fcdc0bfcd432e6e939f9538acc3905d08a"},{"fixed":"b5dca2cd3f0239512da808598b4e70557eb4c2a1"},{"fixed":"d7e30dfc166d33470bba31a42f9bbc346e5409d5"},{"fixed":"9d5e96cc1f1720019ce27b127a31695148d38bb0"},{"fixed":"b8ce58ab80faaea015c206382041ff3bcf5495ff"},{"fixed":"769ec2a824deae2f1268dfda14999a4d14d0d0c5"},{"fixed":"6ad81ad0cf5744738ce94c8e64051ddd80a1734c"},{"fixed":"9ad1981fc4de3afb7db3e8eb5a6a52d4c7d0d577"},{"fixed":"98e55b0b876bde3353f4e074883d66ecb55c65a3"},{"fixed":"746285cf81dc19502ab238249d75f5990bd2d231"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49326.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}