Bugzilla – Bug 1206392
VUL-0: CVE-2022-3110: kernel: Unchecked rtw_alloc_hwxmits return leads to null pointer dereference
Last modified: 2023-01-03 04:53:01 UTC
rh#2153055

[Suggested description]
An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference.

------------------------------------------

[VulnerabilityType Other]
NULL Pointer Dereference

------------------------------------------

[Vendor of Product]
the development group

------------------------------------------

[Affected Product Code Base]
Linux kernel - 5.16-rc6

------------------------------------------

[Reference]
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=f94b47c6bde624d6c07f43054087607c52054a95

------------------------------------------

[Discoverer]
Jiasheng Jiang

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2153055
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3110
I looked at whether the patch was trivial. And I was curious that the error path did not revert previous changes. And indeed, there are several follow-up patches that are fixing the error handling. I am not sure how critical they are though.

I am not completely sure who could best handle the bug. It seems to be some wifi driver. I think that Takashi is probably the right person. Takashi, feel free to reassign the bug to another person that would better understand the code.
This is a new driver and it's not included in any SLE releases, but only in TW kernel (that was already fixed). Reassigned back to security team.
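Added example, not part of the bug report and not the r8188eu driver code: a user-space C model of the two points raised above, checking the return value of an allocation helper before its result is dereferenced, and having the error path revert the earlier allocation. All names (xmit_priv_model, model_*, fail_hwxmits, live_allocs) are hypothetical stand-ins constructed for the illustration.

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed stand-in structure; not the driver's real layout. */
struct xmit_priv_model {
    void *frame_buf;  /* allocated by an earlier init step */
    void *hwxmits;    /* table a later init step dereferences */
};

static int fail_hwxmits;  /* hook: simulate allocation failure */
static int live_allocs;   /* outstanding allocations, to spot leaks */

static void *model_alloc(size_t n, int fail)
{
    void *p = fail ? NULL : calloc(1, n);
    if (p)
        live_allocs++;
    return p;
}

static void model_free(void *p)
{
    if (p) {
        live_allocs--;
        free(p);
    }
}

/* The helper reports failure to its caller rather than hiding it. */
static int model_alloc_hwxmits(struct xmit_priv_model *x)
{
    x->hwxmits = model_alloc(4 * sizeof(long), fail_hwxmits);
    return x->hwxmits ? 0 : -ENOMEM;
}

static int model_init_xmit_priv(struct xmit_priv_model *x)
{
    int ret;

    x->frame_buf = model_alloc(256, 0);
    if (!x->frame_buf)
        return -ENOMEM;
    ret = model_alloc_hwxmits(x);
    if (ret) {                      /* the check the report says was missing */
        model_free(x->frame_buf);   /* revert the earlier step */
        x->frame_buf = NULL;
        return ret;
    }
    ((long *)x->hwxmits)[0] = 1;    /* safe: pointer is known non-NULL */
    return 0;
}
```

Without the `if (ret)` branch, the write to `x->hwxmits` would go through a NULL pointer when the helper fails; without the `model_free()` call, the check alone would leak `frame_buf`.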