CVE-2022-50178

{"id": "CVE-2022-50178", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-06-18T11:15:48.217", "references": [{"url": "https://git.kernel.org/stable/c/065e83ac83c0c0e615b96947145c85c4bd76c09a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5abc81a138f873ab55223ec674afc3a3f945d60f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/683a4647a7a3044868cfdc14c117525091b9fa0c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-369"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: 8852a: rfk: fix div 0 exception\n\nThe DPK is a kind of RF calibration whose algorithm is to fine tune\nparameters and calibrate, and check the result. If the result isn't good\nenough, it could adjust parameters and try again.\n\nThis issue is to read and show the result, but it could be a negative\ncalibration result that causes divisor 0 and core dump. So, fix it by\nphy_div() that does division only if divisor isn't zero; otherwise,\nzero is adopted.\n\n divide error: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 728 Comm: wpa_supplicant Not tainted 5.10.114-16019-g462a1661811a #1 <HASH:d024 28>\n RIP: 0010:rtw8852a_dpk+0x14ae/0x288f [rtw89_core]\n RSP: 0018:ffffa9bb412a7520 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 00000000000180fc RDI: ffffa141d01023c0\n RBP: ffffa9bb412a76a0 R08: 0000000000001319 R09: 00000000ffffff92\n R10: ffffffffc0292de3 R11: ffffffffc00d2f51 R12: 0000000000000000\n R13: ffffa141d01023c0 R14: ffffffffc0290250 R15: ffffa141d0102638\n FS: 00007fa99f5c2740(0000) GS:ffffa142e5e80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000013e8e010 CR3: 0000000110d2c000 CR4: 0000000000750ee0\n PKRU: 55555554\n Call Trace:\n rtw89_core_sta_add+0x95/0x9c [rtw89_core <HASH:d239 29>]\n rtw89_ops_sta_state+0x5d/0x108 [rtw89_core <HASH:d239 29>]\n drv_sta_state+0x115/0x66f [mac80211 <HASH:81fe 30>]\n sta_info_insert_rcu+0x45c/0x713 [mac80211 <HASH:81fe 30>]\n sta_info_insert+0xf/0x1b [mac80211 <HASH:81fe 30>]\n ieee80211_prep_connection+0x9d6/0xb0c [mac80211 <HASH:81fe 30>]\n ieee80211_mgd_auth+0x2aa/0x352 [mac80211 <HASH:81fe 30>]\n cfg80211_mlme_auth+0x160/0x1f6 [cfg80211 <HASH:00cd 31>]\n nl80211_authenticate+0x2e5/0x306 [cfg80211 <HASH:00cd 31>]\n genl_rcv_msg+0x371/0x3a1\n ? nl80211_stop_sched_scan+0xe5/0xe5 [cfg80211 <HASH:00cd 31>]\n ? genl_rcv+0x36/0x36\n netlink_rcv_skb+0x8a/0xf9\n genl_rcv+0x28/0x36\n netlink_unicast+0x27b/0x3a0\n netlink_sendmsg+0x2aa/0x469\n sock_sendmsg_nosec+0x49/0x4d\n ____sys_sendmsg+0xe5/0x213\n __sys_sendmsg+0xec/0x157\n ? syscall_enter_from_user_mode+0xd7/0x116\n do_syscall_64+0x43/0x55\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n RIP: 0033:0x7fa99f6e689b"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rtw89: 8852a: rfk: correcci\u00f3n de la excepci\u00f3n div 0. DPK es un tipo de calibraci\u00f3n de RF cuyo algoritmo ajusta los par\u00e1metros, calibra y comprueba el resultado. Si el resultado no es lo suficientemente bueno, podr\u00eda ajustar los par\u00e1metros e intentarlo de nuevo. Este problema se produce al leer y mostrar el resultado, pero podr\u00eda ser un resultado de calibraci\u00f3n negativo que cause un divisor 0 y un volcado de memoria. Por lo tanto, se debe solucionar con phy_div(), que realiza la divisi\u00f3n solo si el divisor no es cero; de lo contrario, se adopta el valor cero. error de divisi\u00f3n: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 728 Comm: wpa_supplicant No contaminado 5.10.114-16019-g462a1661811a #1 RIP: 0010:rtw8852a_dpk+0x14ae/0x288f [rtw89_core] RSP: 0018:ffffa9bb412a7520 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 00000000000180fc RDI: ffffa141d01023c0 RBP: ffffa9bb412a76a0 R08: 0000000000001319 R09: 00000000ffffff92 R10: fffffffc0292de3 R11: fffffffc00d2f51 R12: 000000000000000 R13: ffffa141d01023c0 R14: fffffffc0290250 R15: ffffa141d0102638 FS: 00007fa99f5c2740(0000) GS:ffffa142e5e80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000013e8e010 CR3: 0000000110d2c000 CR4: 0000000000750ee0 PKRU: 55555554 Rastreo de llamadas: rtw89_core_sta_add+0x95/0x9c [rtw89_core ] rtw89_ops_sta_state+0x5d/0x108 [rtw89_core ] drv_sta_state+0x115/0x66f [mac80211 ] sta_info_insert_rcu+0x45c/0x713 [mac80211 ] sta_info_insert+0xf/0x1b [mac80211 ] ieee80211_prep_connection+0x9d6/0xb0c [mac80211 ] ieee80211_mgd_auth+0x2aa/0x352 [mac80211 ] cfg80211_mlme_auth+0x160/0x1f6 [cfg80211 ] nl80211_authenticate+0x2e5/0x306 [cfg80211 ] genl_rcv_msg+0x371/0x3a1 ? nl80211_stop_sched_scan+0xe5/0xe5 [cfg80211 ] ? genl_rcv+0x36/0x36 netlink_rcv_skb+0x8a/0xf9 genl_rcv+0x28/0x36 netlink_unicast+0x27b/0x3a0 netlink_sendmsg+0x2aa/0x469 sock_sendmsg_nosec+0x49/0x4d ____sys_sendmsg+0xe5/0x213 __sys_sendmsg+0xec/0x157 ? syscall_enter_from_user_mode+0xd7/0x116 do_syscall_64+0x43/0x55 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7fa99f6e689b "}], "lastModified": "2025-11-28T14:51:56.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B42E453-8837-49D0-A5EF-03F818A6DC11", "versionEndExcluding": "5.18.18", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1A2A5A5-4598-4D7E-BA07-4660398D6C8F", "versionEndExcluding": "5.19.2", "versionStartIncluding": "5.19"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}