fkie_cve-2022-50178
Vulnerability from fkie_nvd
Published
2025-06-18 11:15
Modified
2025-06-18 13:47
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: 8852a: rfk: fix div 0 exception The DPK is a kind of RF calibration whose algorithm is to fine tune parameters and calibrate, and check the result. If the result isn't good enough, it could adjust parameters and try again. This issue is to read and show the result, but it could be a negative calibration result that causes divisor 0 and core dump. So, fix it by phy_div() that does division only if divisor isn't zero; otherwise, zero is adopted. divide error: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 728 Comm: wpa_supplicant Not tainted 5.10.114-16019-g462a1661811a #1 <HASH:d024 28> RIP: 0010:rtw8852a_dpk+0x14ae/0x288f [rtw89_core] RSP: 0018:ffffa9bb412a7520 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 00000000000180fc RDI: ffffa141d01023c0 RBP: ffffa9bb412a76a0 R08: 0000000000001319 R09: 00000000ffffff92 R10: ffffffffc0292de3 R11: ffffffffc00d2f51 R12: 0000000000000000 R13: ffffa141d01023c0 R14: ffffffffc0290250 R15: ffffa141d0102638 FS: 00007fa99f5c2740(0000) GS:ffffa142e5e80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000013e8e010 CR3: 0000000110d2c000 CR4: 0000000000750ee0 PKRU: 55555554 Call Trace: rtw89_core_sta_add+0x95/0x9c [rtw89_core <HASH:d239 29>] rtw89_ops_sta_state+0x5d/0x108 [rtw89_core <HASH:d239 29>] drv_sta_state+0x115/0x66f [mac80211 <HASH:81fe 30>] sta_info_insert_rcu+0x45c/0x713 [mac80211 <HASH:81fe 30>] sta_info_insert+0xf/0x1b [mac80211 <HASH:81fe 30>] ieee80211_prep_connection+0x9d6/0xb0c [mac80211 <HASH:81fe 30>] ieee80211_mgd_auth+0x2aa/0x352 [mac80211 <HASH:81fe 30>] cfg80211_mlme_auth+0x160/0x1f6 [cfg80211 <HASH:00cd 31>] nl80211_authenticate+0x2e5/0x306 [cfg80211 <HASH:00cd 31>] genl_rcv_msg+0x371/0x3a1 ? nl80211_stop_sched_scan+0xe5/0xe5 [cfg80211 <HASH:00cd 31>] ? genl_rcv+0x36/0x36 netlink_rcv_skb+0x8a/0xf9 genl_rcv+0x28/0x36 netlink_unicast+0x27b/0x3a0 netlink_sendmsg+0x2aa/0x469 sock_sendmsg_nosec+0x49/0x4d ____sys_sendmsg+0xe5/0x213 __sys_sendmsg+0xec/0x157 ? syscall_enter_from_user_mode+0xd7/0x116 do_syscall_64+0x43/0x55 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fa99f6e689b
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/065e83ac83c0c0e615b96947145c85c4bd76c09a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5abc81a138f873ab55223ec674afc3a3f945d60f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/683a4647a7a3044868cfdc14c117525091b9fa0c
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: 8852a: rfk: fix div 0 exception\n\nThe DPK is a kind of RF calibration whose algorithm is to fine tune\nparameters and calibrate, and check the result. If the result isn\u0027t good\nenough, it could adjust parameters and try again.\n\nThis issue is to read and show the result, but it could be a negative\ncalibration result that causes divisor 0 and core dump. So, fix it by\nphy_div() that does division only if divisor isn\u0027t zero; otherwise,\nzero is adopted.\n\n  divide error: 0000 [#1] PREEMPT SMP NOPTI\n  CPU: 1 PID: 728 Comm: wpa_supplicant Not tainted 5.10.114-16019-g462a1661811a #1 \u003cHASH:d024 28\u003e\n  RIP: 0010:rtw8852a_dpk+0x14ae/0x288f [rtw89_core]\n  RSP: 0018:ffffa9bb412a7520 EFLAGS: 00010246\n  RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n  RDX: 0000000000000000 RSI: 00000000000180fc RDI: ffffa141d01023c0\n  RBP: ffffa9bb412a76a0 R08: 0000000000001319 R09: 00000000ffffff92\n  R10: ffffffffc0292de3 R11: ffffffffc00d2f51 R12: 0000000000000000\n  R13: ffffa141d01023c0 R14: ffffffffc0290250 R15: ffffa141d0102638\n  FS:  00007fa99f5c2740(0000) GS:ffffa142e5e80000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000013e8e010 CR3: 0000000110d2c000 CR4: 0000000000750ee0\n  PKRU: 55555554\n  Call Trace:\n   rtw89_core_sta_add+0x95/0x9c [rtw89_core \u003cHASH:d239 29\u003e]\n   rtw89_ops_sta_state+0x5d/0x108 [rtw89_core \u003cHASH:d239 29\u003e]\n   drv_sta_state+0x115/0x66f [mac80211 \u003cHASH:81fe 30\u003e]\n   sta_info_insert_rcu+0x45c/0x713 [mac80211 \u003cHASH:81fe 30\u003e]\n   sta_info_insert+0xf/0x1b [mac80211 \u003cHASH:81fe 30\u003e]\n   ieee80211_prep_connection+0x9d6/0xb0c [mac80211 \u003cHASH:81fe 30\u003e]\n   ieee80211_mgd_auth+0x2aa/0x352 [mac80211 \u003cHASH:81fe 30\u003e]\n   cfg80211_mlme_auth+0x160/0x1f6 [cfg80211 \u003cHASH:00cd 31\u003e]\n   nl80211_authenticate+0x2e5/0x306 [cfg80211 \u003cHASH:00cd 31\u003e]\n   genl_rcv_msg+0x371/0x3a1\n   ? nl80211_stop_sched_scan+0xe5/0xe5 [cfg80211 \u003cHASH:00cd 31\u003e]\n   ? genl_rcv+0x36/0x36\n   netlink_rcv_skb+0x8a/0xf9\n   genl_rcv+0x28/0x36\n   netlink_unicast+0x27b/0x3a0\n   netlink_sendmsg+0x2aa/0x469\n   sock_sendmsg_nosec+0x49/0x4d\n   ____sys_sendmsg+0xe5/0x213\n   __sys_sendmsg+0xec/0x157\n   ? syscall_enter_from_user_mode+0xd7/0x116\n   do_syscall_64+0x43/0x55\n   entry_SYSCALL_64_after_hwframe+0x44/0xa9\n  RIP: 0033:0x7fa99f6e689b"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rtw89: 8852a: rfk: correcci\u00f3n de la excepci\u00f3n div 0. DPK es un tipo de calibraci\u00f3n de RF cuyo algoritmo ajusta los par\u00e1metros, calibra y comprueba el resultado. Si el resultado no es lo suficientemente bueno, podr\u00eda ajustar los par\u00e1metros e intentarlo de nuevo. Este problema se produce al leer y mostrar el resultado, pero podr\u00eda ser un resultado de calibraci\u00f3n negativo que cause un divisor 0 y un volcado de memoria. Por lo tanto, se debe solucionar con phy_div(), que realiza la divisi\u00f3n solo si el divisor no es cero; de lo contrario, se adopta el valor cero. error de divisi\u00f3n: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 728 Comm: wpa_supplicant No contaminado 5.10.114-16019-g462a1661811a #1  RIP: 0010:rtw8852a_dpk+0x14ae/0x288f [rtw89_core] RSP: 0018:ffffa9bb412a7520 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 00000000000180fc RDI: ffffa141d01023c0 RBP: ffffa9bb412a76a0 R08: 0000000000001319 R09: 00000000ffffff92 R10: fffffffc0292de3 R11: fffffffc00d2f51 R12: 000000000000000 R13: ffffa141d01023c0 R14: fffffffc0290250 R15: ffffa141d0102638 FS: 00007fa99f5c2740(0000) GS:ffffa142e5e80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000013e8e010 CR3: 0000000110d2c000 CR4: 0000000000750ee0 PKRU: 55555554 Rastreo de llamadas:  rtw89_core_sta_add+0x95/0x9c [rtw89_core ] rtw89_ops_sta_state+0x5d/0x108 [rtw89_core ] drv_sta_state+0x115/0x66f [mac80211 ] sta_info_insert_rcu+0x45c/0x713 [mac80211 ] sta_info_insert+0xf/0x1b [mac80211 ] ieee80211_prep_connection+0x9d6/0xb0c [mac80211 ] ieee80211_mgd_auth+0x2aa/0x352 [mac80211 ] cfg80211_mlme_auth+0x160/0x1f6 [cfg80211 ] nl80211_authenticate+0x2e5/0x306 [cfg80211 ] genl_rcv_msg+0x371/0x3a1 ? nl80211_stop_sched_scan+0xe5/0xe5 [cfg80211 ] ? genl_rcv+0x36/0x36 netlink_rcv_skb+0x8a/0xf9 genl_rcv+0x28/0x36 netlink_unicast+0x27b/0x3a0 netlink_sendmsg+0x2aa/0x469 sock_sendmsg_nosec+0x49/0x4d ____sys_sendmsg+0xe5/0x213 __sys_sendmsg+0xec/0x157 ? syscall_enter_from_user_mode+0xd7/0x116 do_syscall_64+0x43/0x55 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fa99f6e689b "
    }
  ],
  "id": "CVE-2022-50178",
  "lastModified": "2025-06-18T13:47:40.833",
  "metrics": {},
  "published": "2025-06-18T11:15:48.217",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/065e83ac83c0c0e615b96947145c85c4bd76c09a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/5abc81a138f873ab55223ec674afc3a3f945d60f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/683a4647a7a3044868cfdc14c117525091b9fa0c"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.