Linux Kernel rtl818x Uninitialized Queue Vulnerability Causes Kernel Panic

A vulnerability in the Linux kernel's rtl818x wireless driver can lead to a kernel panic when using rtl8180 or rtl8185 network cards. The issue arises from the driver attempting to use a transmission queue that has not been initialized, which can cause a 'divide error' crash. This vulnerability was introduced when wpa_supplicant was updated from version 2.9 to 2.10, as the new version started using a priority that the affected driver does not support. The problem has been resolved by patching the driver to ignore the skb priority for these specific cards, which only have one transmission queue.

Impact

Exploitation of this vulnerability can cause a kernel crash, leading to a denial of service on the affected system.

Reproduction

The vulnerability can be reproduced by connecting to a wireless access point using an rtl8180 or rtl8185 network card with wpa_supplicant version 2.10. The driver will attempt to use an uninitialized transmission queue, causing the kernel to panic and crash.

Remediation

Users can apply the available patch to the rtl818x driver in the Linux kernel to prevent the use of uninitialized queues and avoid the resulting kernel panic.