CVE-2022-49326
📋 TL;DR
A kernel panic vulnerability in Linux kernel's rtl818x wireless driver allows denial of service when using rtl8180/rtl8185 wireless cards. The driver attempts to use uninitialized transmit queues when processing certain network packets, causing a divide-by-zero crash. Users with affected wireless hardware running vulnerable kernel versions are impacted.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to complete system crash and denial of service, requiring physical or remote reboot.
Likely Case
System crash when connecting to wireless networks with wpa_supplicant 2.10+ or when processing certain network traffic patterns.
If Mitigated
No impact if patched or using unaffected hardware.
🎯 Exploit Status
Exploitation requires local wireless network access and specific hardware. The crash was discovered during normal wpa_supplicant 2.10 usage.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 6ad81ad0cf5744738ce94c8e64051ddd80a1734c or later
Vendor Advisory: https://git.kernel.org/stable/c/6ad81ad0cf5744738ce94c8e64051ddd80a1734c
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify driver is updated.
🔧 Temporary Workarounds
Disable affected wireless hardware
linuxBlacklist or disable rtl8180/rtl8185 drivers to prevent kernel panic
echo 'blacklist rtl8180' >> /etc/modprobe.d/blacklist.conf
echo 'blacklist rtl8185' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
reboot
Downgrade wpa_supplicant
linuxUse wpa_supplicant 2.9 or earlier to avoid triggering the bug
apt-get install wpa-supplicant=2.9*
yum downgrade wpa_supplicant
🧯 If You Can't Patch
- Replace rtl8180/rtl8185 wireless hardware with unaffected models
- Use wired network connections instead of wireless
🔍 How to Verify
Check if Vulnerable:
Check if rtl8180 or rtl8185 driver is loaded: lsmod | grep rtl818 && check kernel version against patched versionsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and test wireless connectivity with wpa_supplicant 2.10+📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages mentioning 'divide error'
- System crash/reboot logs
- Wireless driver error messages
Network Indicators:
- Wireless connection failures followed by system crash
SIEM Query:
event_type:kernel AND (message:"divide error" OR message:"rtl818" OR message:"panic")🔗 References
- https://git.kernel.org/stable/c/6ad81ad0cf5744738ce94c8e64051ddd80a1734c
- https://git.kernel.org/stable/c/746285cf81dc19502ab238249d75f5990bd2d231
- https://git.kernel.org/stable/c/769ec2a824deae2f1268dfda14999a4d14d0d0c5
- https://git.kernel.org/stable/c/98e55b0b876bde3353f4e074883d66ecb55c65a3
- https://git.kernel.org/stable/c/9ad1981fc4de3afb7db3e8eb5a6a52d4c7d0d577
- https://git.kernel.org/stable/c/9d5e96cc1f1720019ce27b127a31695148d38bb0
- https://git.kernel.org/stable/c/b5dca2cd3f0239512da808598b4e70557eb4c2a1
- https://git.kernel.org/stable/c/b8ce58ab80faaea015c206382041ff3bcf5495ff
- https://git.kernel.org/stable/c/d7e30dfc166d33470bba31a42f9bbc346e5409d5
