CVE-2022-50178

The DPK is a kind of RF calibration whose algorithm is to fine tune parameters and calibrate, and check the result. If the result isn't good enough, it could adjust parameters and try again.

This issue is to read and show the result, but it could be a negative calibration result that causes divisor 0 and core dump. So, fix it by phy_div() that does division only if divisor isn't zero; otherwise, zero is adopted.

divide error: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 728 Comm: wpasupplicant Not tainted 5.10.114-16019-g462a1661811a #1 <HASH:d024 28> RIP: 0010:rtw8852adpk+0x14ae/0x288f [rtw89core] RSP: 0018:ffffa9bb412a7520 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 00000000000180fc RDI: ffffa141d01023c0 RBP: ffffa9bb412a76a0 R08: 0000000000001319 R09: 00000000ffffff92 R10: ffffffffc0292de3 R11: ffffffffc00d2f51 R12: 0000000000000000 R13: ffffa141d01023c0 R14: ffffffffc0290250 R15: ffffa141d0102638 FS: 00007fa99f5c2740(0000) GS:ffffa142e5e80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000013e8e010 CR3: 0000000110d2c000 CR4: 0000000000750ee0 PKRU: 55555554 Call Trace: rtw89corestaadd+0x95/0x9c [rtw89core <HASH:d239 29>] rtw89opsstastate+0x5d/0x108 [rtw89core <HASH:d239 29>] drvstastate+0x115/0x66f [mac80211 <HASH:81fe 30>] stainfoinsertrcu+0x45c/0x713 [mac80211 <HASH:81fe 30>] stainfoinsert+0xf/0x1b [mac80211 <HASH:81fe 30>] ieee80211prepconnection+0x9d6/0xb0c [mac80211 <HASH:81fe 30>] ieee80211mgdauth+0x2aa/0x352 [mac80211 <HASH:81fe 30>] cfg80211mlmeauth+0x160/0x1f6 [cfg80211 <HASH:00cd 31>] nl80211authenticate+0x2e5/0x306 [cfg80211 <HASH:00cd 31>] genlrcvmsg+0x371/0x3a1 ? nl80211stopschedscan+0xe5/0xe5 [cfg80211 <HASH:00cd 31>] ? genlrcv+0x36/0x36 netlinkrcvskb+0x8a/0xf9 genlrcv+0x28/0x36 netlinkunicast+0x27b/0x3a0 netlinksendmsg+0x2aa/0x469 socksendmsgnosec+0x49/0x4d _syssendmsg+0xe5/0x213 _syssendmsg+0xec/0x157 ? syscallenterfromusermode+0xd7/0x116 dosyscall64+0x43/0x55 entrySYSCALL64afterhwframe+0x44/0xa9 RIP: 0033:0x7fa99f6e689b

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd

Fixed

065e83ac83c0c0e615b96947145c85c4bd76c09a

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd

Fixed

5abc81a138f873ab55223ec674afc3a3f945d60f

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd

Fixed

683a4647a7a3044868cfdc14c117525091b9fa0c

Affected versions

v5.*

v5.15

v5.15-rc5

v5.15-rc6

v5.15-rc7

v5.16

v5.16-rc1

v5.16-rc2

v5.16-rc3

v5.16-rc4

v5.16-rc5

v5.16-rc6

v5.16-rc7

v5.16-rc8

v5.17

v5.17-rc1

v5.17-rc2

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.17-rc7

v5.17-rc8

v5.18

v5.18-rc1

v5.18-rc2

v5.18-rc3

v5.18-rc4

v5.18-rc5

v5.18-rc6

v5.18-rc7

v5.18.1

v5.18.10

v5.18.11

v5.18.12

v5.18.13

v5.18.14

v5.18.15

v5.18.16

v5.18.17

v5.18.2

v5.18.3

v5.18.4

v5.18.5

v5.18.6

v5.18.7

v5.18.8

v5.18.9

v5.19

v5.19-rc1

v5.19-rc2

v5.19-rc3

v5.19-rc4

v5.19-rc5

v5.19-rc6

v5.19-rc7

v5.19-rc8

v5.19.1

Database specific

{
    "vanir_signatures": [
        {
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5abc81a138f873ab55223ec674afc3a3f945d60f",
            "deprecated": false,
            "id": "CVE-2022-50178-12a9711a",
            "digest": {
                "length": 1121.0,
                "function_hash": "263999143228608552249197503695958024942"
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "function": "_dpk_pas_read",
                "file": "drivers/net/wireless/realtek/rtw89/rtw8852a_rfk.c"
            }
        },
        {
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@065e83ac83c0c0e615b96947145c85c4bd76c09a",
            "deprecated": false,
            "id": "CVE-2022-50178-290bbaa0",
            "digest": {
                "length": 1121.0,
                "function_hash": "263999143228608552249197503695958024942"
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "function": "_dpk_pas_read",
                "file": "drivers/net/wireless/realtek/rtw89/rtw8852a_rfk.c"
            }
        },
        {
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@683a4647a7a3044868cfdc14c117525091b9fa0c",
            "deprecated": false,
            "id": "CVE-2022-50178-4246a141",
            "digest": {
                "length": 1121.0,
                "function_hash": "263999143228608552249197503695958024942"
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "function": "_dpk_pas_read",
                "file": "drivers/net/wireless/realtek/rtw89/rtw8852a_rfk.c"
            }
        },
        {
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5abc81a138f873ab55223ec674afc3a3f945d60f",
            "deprecated": false,
            "id": "CVE-2022-50178-45b1f03a",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "227198377721693388975528837773380861071",
                    "203873474271582180631546954567261938044",
                    "185781800013917404845497654487912718350",
                    "94527431918374545523724830738291398361",
                    "274989319734838791063945230465467055432"
                ]
            },
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "drivers/net/wireless/realtek/rtw89/rtw8852a_rfk.c"
            }
        },
        {
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@683a4647a7a3044868cfdc14c117525091b9fa0c",
            "deprecated": false,
            "id": "CVE-2022-50178-7598efa8",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "227198377721693388975528837773380861071",
                    "203873474271582180631546954567261938044",
                    "185781800013917404845497654487912718350",
                    "94527431918374545523724830738291398361",
                    "274989319734838791063945230465467055432"
                ]
            },
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "drivers/net/wireless/realtek/rtw89/rtw8852a_rfk.c"
            }
        },
        {
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@065e83ac83c0c0e615b96947145c85c4bd76c09a",
            "deprecated": false,
            "id": "CVE-2022-50178-93a6ff14",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "227198377721693388975528837773380861071",
                    "203873474271582180631546954567261938044",
                    "185781800013917404845497654487912718350",
                    "94527431918374545523724830738291398361",
                    "274989319734838791063945230465467055432"
                ]
            },
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "drivers/net/wireless/realtek/rtw89/rtw8852a_rfk.c"
            }
        }
    ]
}

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.18.18

Type: ECOSYSTEM
Events: Introduced

5.19.0

Fixed

5.19.2