CVE-2022-49298 - Vulnerability Details

- staging: rtl8712: fix uninit-value in r871xu_drv_init()

Description

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8712: fix uninit-value in r871xu_drv_init()

When 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0,
'mac[6]' will not be initialized.

BUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541
r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541
usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396
really_probe+0x653/0x14b0 drivers/base/dd.c:596
__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
driver_probe_device drivers/base/dd.c:782 [inline]
__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
__device_attach+0x593/0x8e0 drivers/base/dd.c:970
device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
device_add+0x1fff/0x26e0 drivers/base/core.c:3405
usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170
usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238
usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293
really_probe+0x653/0x14b0 drivers/base/dd.c:596
__driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752
driver_probe_device drivers/base/dd.c:782 [inline]
__device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899
bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427
__device_attach+0x593/0x8e0 drivers/base/dd.c:970
device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017
bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487
device_add+0x1fff/0x26e0 drivers/base/core.c:3405
usb_new_device+0x1b8e/0x2950 drivers/usb/core/hub.c:2566
hub_port_connect drivers/usb/core/hub.c:5358 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5502 [inline]
port_event drivers/usb/core/hub.c:5660 [inline]
hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5742
process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307
worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454
kthread+0x3c7/0x500 kernel/kthread.c:377
ret_from_fork+0x1f/0x30

Local variable mac created at:
r871xu_drv_init+0x1771/0x3070 drivers/staging/rtl8712/usb_intf.c:394
usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396

KMSAN: uninit-value in r871xu_drv_init
https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8

Published: 2025-02-26

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef`	affected	< 0b7371a22489cbb2e8e826ca03fb5ce92afb04fe
`2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef`	affected	< 277faa442fe0c59f418ac53f47a78e1266addd65
`2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef`	affected	< a6535d00a9d54ce1c2a8d86a85001ffb6844f9b2
`2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef`	affected	< 52a0d88c328098b4e9fb8f2f3877fec0eff4104b
`2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef`	affected	< ff727ab0b7d7a56b5ef281f12abd00c4b85894e9
`2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef`	affected	< f36e754a1f0bafb9feeea63463de78080acb6de0
`2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef`	affected	< 76a964ad0ea8f2b10abd69a7532e174a28258283
`2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef`	affected	< 70df04433fd351ba72bc635bd0b5fe443d9ac964
`2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef`	affected	< 0458e5428e5e959d201a40ffe71d762a79ecedc4

Linux

affected

Version	Status	Constraints
`2.6.37`	affected	—
`0`	unaffected	< 2.6.37
`4.9.318`	unaffected	≤ 4.9.*
`4.14.283`	unaffected	≤ 4.14.*
`4.19.247`	unaffected	≤ 4.19.*
`5.4.198`	unaffected	≤ 5.4.*
`5.10.122`	unaffected	≤ 5.10.*
`5.15.47`	unaffected	≤ 5.15.*
`5.17.15`	unaffected	≤ 5.17.*
`5.18.4`	unaffected	≤ 5.18.*
`5.19`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-54929	In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in r871xu_drv_init() When 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0, 'mac[6]' will not be initialized. BUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541 r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541 usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396 really_probe+0x653/0x14b0 drivers/base/dd.c:596 __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752 driver_probe_device drivers/base/dd.c:782 [inline] __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899 bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427 __device_attach+0x593/0x8e0 drivers/base/dd.c:970 device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017 bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487 device_add+0x1fff/0x26e0 drivers/base/core.c:3405 usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238 usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293 really_probe+0x653/0x14b0 drivers/base/dd.c:596 __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752 driver_probe_device drivers/base/dd.c:782 [inline] __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899 bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427 __device_attach+0x593/0x8e0 drivers/base/dd.c:970 device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017 bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487 device_add+0x1fff/0x26e0 drivers/base/core.c:3405 usb_new_device+0x1b8e/0x2950 drivers/usb/core/hub.c:2566 hub_port_connect drivers/usb/core/hub.c:5358 [inline] hub_port_connect_change drivers/usb/core/hub.c:5502 [inline] port_event drivers/usb/core/hub.c:5660 [inline] hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5742 process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307 worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454 kthread+0x3c7/0x500 kernel/kthread.c:377 ret_from_fork+0x1f/0x30 Local variable mac created at: r871xu_drv_init+0x1771/0x3070 drivers/staging/rtl8712/usb_intf.c:394 usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396 KMSAN: uninit-value in r871xu_drv_init https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0001.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://git.kernel.org/stable/c/0458e5428e5e959d201a40ffe71d762a79ecedc4
https://git.kernel.org/stable/c/0b7371a22489cbb2e8e826ca03fb5ce92afb04fe
https://git.kernel.org/stable/c/277faa442fe0c59f418ac53f47a78e1266addd65
https://git.kernel.org/stable/c/52a0d88c328098b4e9fb8f2f3877fec0eff4104b
https://git.kernel.org/stable/c/70df04433fd351ba72bc635bd0b5fe443d9ac964
https://git.kernel.org/stable/c/76a964ad0ea8f2b10abd69a7532e174a28258283
https://git.kernel.org/stable/c/a6535d00a9d54ce1c2a8d86a85001ffb6844f9b2
https://git.kernel.org/stable/c/f36e754a1f0bafb9feeea63463de78080acb6de0
https://git.kernel.org/stable/c/ff727ab0b7d7a56b5ef281f12abd00c4b85894e9
https://lore.kernel.org/linux-cve-announce/2025022625-CVE-2022-49298-bc33@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-49298
https://www.cve.org/CVERecord?id=CVE-2022-49298

History

Tue, 23 Dec 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 14 Apr 2025 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-908
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel

Thu, 27 Feb 2025 01:45:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025022625-CVE-2022-49298-bc33@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-49298 https://www.cve.org/CVERecord?id=CVE-2022-49298
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 26 Feb 2025 02:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in r871xu_drv_init() When 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0, 'mac[6]' will not be initialized. BUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541 r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541 usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396 really_probe+0x653/0x14b0 drivers/base/dd.c:596 __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752 driver_probe_device drivers/base/dd.c:782 [inline] __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899 bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427 __device_attach+0x593/0x8e0 drivers/base/dd.c:970 device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017 bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487 device_add+0x1fff/0x26e0 drivers/base/core.c:3405 usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238 usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293 really_probe+0x653/0x14b0 drivers/base/dd.c:596 __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752 driver_probe_device drivers/base/dd.c:782 [inline] __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899 bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427 __device_attach+0x593/0x8e0 drivers/base/dd.c:970 device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017 bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487 device_add+0x1fff/0x26e0 drivers/base/core.c:3405 usb_new_device+0x1b8e/0x2950 drivers/usb/core/hub.c:2566 hub_port_connect drivers/usb/core/hub.c:5358 [inline] hub_port_connect_change drivers/usb/core/hub.c:5502 [inline] port_event drivers/usb/core/hub.c:5660 [inline] hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5742 process_one_work+0xdb6/0x1820 kernel/workqueue.c:2307 worker_thread+0x10b3/0x21e0 kernel/workqueue.c:2454 kthread+0x3c7/0x500 kernel/kthread.c:377 ret_from_fork+0x1f/0x30 Local variable mac created at: r871xu_drv_init+0x1771/0x3070 drivers/staging/rtl8712/usb_intf.c:394 usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396 KMSAN: uninit-value in r871xu_drv_init https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8
Title		staging: rtl8712: fix uninit-value in r871xu_drv_init()
References		https://git.kernel.org/stable/c/0458e5428e5e959d201a40ffe71d762a79ecedc4 https://git.kernel.org/stable/c/0b7371a22489cbb2e8e826ca03fb5ce92afb04fe https://git.kernel.org/stable/c/277faa442fe0c59f418ac53f47a78e1266addd65 https://git.kernel.org/stable/c/52a0d88c328098b4e9fb8f2f3877fec0eff4104b https://git.kernel.org/stable/c/70df04433fd351ba72bc635bd0b5fe443d9ac964 https://git.kernel.org/stable/c/76a964ad0ea8f2b10abd69a7532e174a28258283 https://git.kernel.org/stable/c/a6535d00a9d54ce1c2a8d86a85001ffb6844f9b2 https://git.kernel.org/stable/c/f36e754a1f0bafb9feeea63463de78080acb6de0 https://git.kernel.org/stable/c/ff727ab0b7d7a56b5ef281f12abd00c4b85894e9

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-02-26T02:01:27.111Z

Updated: 2026-05-11T18:56:59.214Z

Reserved: 2025-02-26T01:49:39.302Z

Link: CVE-2022-49298

Vulnrichment

Updated: 2025-10-01T16:13:19.042Z

NVD

Status : Modified

Published: 2025-02-26T07:01:06.630

Modified: 2025-10-01T20:16:02.637

Link: CVE-2022-49298

Redhat

Severity : Moderate

Publid Date: 2025-02-26T00:00:00Z

Links: CVE-2022-49298 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-908

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object