SB20250226604 - Use of uninitialized resource in Linux kernel staging rtl8712 driver
Published: February 26, 2025 Updated: May 11, 2025
Security Bulletin ID
SB20250226604
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of uninitialized resource (CVE-ID: CVE-2022-49298)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the r871xu_drv_init() function in drivers/staging/rtl8712/usb_intf.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0458e5428e5e959d201a40ffe71d762a79ecedc4
- https://git.kernel.org/stable/c/0b7371a22489cbb2e8e826ca03fb5ce92afb04fe
- https://git.kernel.org/stable/c/277faa442fe0c59f418ac53f47a78e1266addd65
- https://git.kernel.org/stable/c/52a0d88c328098b4e9fb8f2f3877fec0eff4104b
- https://git.kernel.org/stable/c/70df04433fd351ba72bc635bd0b5fe443d9ac964
- https://git.kernel.org/stable/c/76a964ad0ea8f2b10abd69a7532e174a28258283
- https://git.kernel.org/stable/c/a6535d00a9d54ce1c2a8d86a85001ffb6844f9b2
- https://git.kernel.org/stable/c/f36e754a1f0bafb9feeea63463de78080acb6de0
- https://git.kernel.org/stable/c/ff727ab0b7d7a56b5ef281f12abd00c4b85894e9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.122