CVE-2022-49326

Description

In the Linux kernel, the following vulnerability has been resolved:

rtl818x: Prevent using not initialized queues

Using not existing queues can panic the kernel with rtl8180/rtl8185 cards. Ignore the skb priority for those cards, they only have one tx queue.

Pierre Asselin (pa@panix.com) reported the kernel crash in the Gentoo forum: https://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html

He also confirmed that this patch fixes the issue. In summary this happened:

After updating wpa_supplicant from 2.9 to 2.10 the kernel crashed with a "divide error: 0000" when connecting to an AP. Control port tx now tries to use IEEE80211_AC_VO for the priority, which wpa_supplicant starts to use in 2.10.

Since only the rtl8187se part of the driver supports QoS, the priority of the skb is set to IEEE80211_AC_BE (2) by mac80211 for rtl8180/rtl8185 cards.

rtl8180 is then unconditionally reading out the priority and finally crashes on drivers/net/wireless/realtek/rtl818x/rtl8180/dev.c line 544 without this patch:

idx = (ring->idx + skb_queue_len(&ring->queue)) % ring->entries

"ring->entries" is zero for rtl8180/rtl8185 cards, tx_ring[2] never got initialized.
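A simplified model of the fault path and of the fix described in the commit message, added here as an example and not the rtl818x driver's own code; the struct layout, the chip and access-category constants, and the ring bookkeeping are assumptions made for the illustration:

```c
#include <stdbool.h>
/* Constructed model of the tx-queue selection described in the commit
 * message above; this is not the rtl818x driver's own code. */
enum { RTL8180, RTL8185, RTL8187SE };
/* mac80211 access categories: VO=0, VI=1, BE=2, BK=3. */
enum { IEEE80211_AC_VO, IEEE80211_AC_VI, IEEE80211_AC_BE, IEEE80211_AC_BK, NUM_AC };
struct tx_ring { unsigned int idx, queue_len, entries; };
struct card { int chip; struct tx_ring tx_ring[NUM_AC]; };

/* Only the QoS-capable rtl8187se gets one ring per access category;
 * rtl8180/rtl8185 get a single ring at index 0 and the rest stay zeroed,
 * so tx_ring[2].entries == 0 exactly as the report describes. */
void card_init(struct card *c, int chip, unsigned int entries) {
    c->chip = chip;
    for (int i = 0; i < NUM_AC; i++)
        c->tx_ring[i] = (struct tx_ring){ 0, 0, 0 };
    int nrings = (chip == RTL8187SE) ? NUM_AC : 1;
    for (int i = 0; i < nrings; i++)
        c->tx_ring[i].entries = entries;
}

/* Pre-fix behaviour: the skb priority is used directly as the ring index.
 * Instead of computing "% ring->entries", report whether it would divide
 * by zero, which is the "divide error: 0000" panic from the report. */
bool unfixed_would_panic(const struct card *c, unsigned int prio) {
    return c->tx_ring[prio].entries == 0;
}

/* Fixed behaviour: ignore the skb priority on single-queue cards and use
 * ring 0. Returns the slot index, or -1 if the chosen ring is still
 * uninitialized, so the modulo is never reached with entries == 0. */
int fixed_tx_slot(const struct card *c, unsigned int prio) {
    unsigned int q = (c->chip == RTL8187SE) ? prio : 0;
    const struct tx_ring *ring = &c->tx_ring[q];
    if (ring->entries == 0)
        return -1;
    return (int)((ring->idx + ring->queue_len) % ring->entries);
}

/* Scenario from the report: rtl8185 card, ring 0 holding 3 of 32 slots from
 * idx 5, and a frame mac80211 tagged IEEE80211_AC_BE. Returns -2 when the
 * unfixed path would panic, otherwise the slot the fixed path selects. */
int demo_rtl8185_be_slot(bool fixed) {
    struct card c;
    card_init(&c, RTL8185, 32);
    c.tx_ring[0].idx = 5;
    c.tx_ring[0].queue_len = 3;
    if (!fixed)
        return unfixed_would_panic(&c, IEEE80211_AC_BE) ? -2 : 0;
    return fixed_tx_slot(&c, IEEE80211_AC_BE); /* (5 + 3) % 32 = 8 */
}
```

The same frame that would have reached the modulo with `entries == 0` on the unfixed path lands in slot 8 of the card's only ring once the priority is ignored.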

POC

Reference

- https://git.kernel.org/stable/c/9ad1981fc4de3afb7db3e8eb5a6a52d4c7d0d577

Github

No PoCs found on GitHub currently.