Bug 1206392 - (CVE-2022-3110) VUL-0: CVE-2022-3110: kernel: Unchecked rtw_alloc_hwxmits return leads to null pointer dereference
VUL-0: CVE-2022-3110: kernel: Unchecked rtw_alloc_hwxmits return leads to nul...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2022-12-14 07:26 UTC by Alexander Bergmann
Modified: 2023-01-03 04:53 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2022-12-14 07:26:12 UTC

[Suggested description]
An issue was discovered in the Linux kernel through 5.16-rc6.
_rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks
check of the return value of rtw_alloc_hwxmits() and will cause the
null pointer dereference.


[VulnerabilityType Other]
NULL Pointer Dereference


[Vendor of Product]
the development group


[Affected Product Code Base]
Linux kernel - 5.16-rc6




Jiasheng Jiang

Comment 2 Petr Mladek 2022-12-16 10:51:06 UTC
I looked if the patch was trivial. And I was curious that the error path
did not revert previous changes. And indeed, there are several followup
patches that are fixing the error handling. I am not sure how critical
they are thought.

I am not completely sure who could best handle the bug. It seems
to be some wifi driver. I think that Takashi is probably the right

Takashi, feel free to reassign the bug to another person that would
better understand the code.
Comment 3 Takashi Iwai 2022-12-27 14:42:23 UTC
This is a new driver and it's not included in any SLE releases, but only in TW kernel (that was already fixed).

Reassigned back to security team.