CVE-2022-49326 is a vulnerability in the Linux kernel affecting the Realtek rtl818x wireless driver, specifically impacting rtl8180 and rtl8185 wireless network cards. The issue arises from the driver attempting to use uninitialized transmit (tx) queues when handling network packets with certain priority levels. After an update to wpa_supplicant version 2.10, which introduced the use of IEEE80211_AC_VO (voice) priority, the kernel crashes with a divide error due to the driver reading from a tx queue ring buffer that was never initialized for these older wireless cards. The root cause is that rtl8180 and rtl8185 cards only support a single tx queue, but the driver code unconditionally accesses a second queue (tx_ring[2]) whose ring buffer entries count is zero, leading to a kernel panic. This vulnerability can cause denial of service by crashing the kernel when connecting to a wireless access point using affected hardware and software versions. The issue was reported by Pierre Asselin and fixed by ignoring skb priority for these cards, preventing the use of non-existent queues. The vulnerability affects Linux kernel versions prior to the patch and is triggered by network activity involving these specific Realtek wireless cards combined with wpa_supplicant 2.10 or later. No known exploits are reported in the wild yet, and no CVSS score has been assigned.

For European organizations, this vulnerability primarily poses a risk of denial of service on systems using affected Realtek rtl8180 or rtl8185 wireless cards running vulnerable Linux kernel versions with wpa_supplicant 2.10 or newer. Such kernel panics can disrupt network connectivity and potentially cause system reboots, impacting availability of critical services, especially in environments relying on wireless connectivity for operational continuity. While the vulnerability does not directly lead to privilege escalation or data compromise, repeated crashes could degrade system reliability and availability. Organizations with legacy hardware or embedded systems using these older Realtek cards are at higher risk. The impact is more pronounced in sectors where wireless connectivity is critical, such as manufacturing, healthcare, or remote offices. Given the lack of known exploits, the immediate threat is moderate, but unpatched systems remain vulnerable to accidental or targeted triggering of the kernel panic.

To mitigate this vulnerability, European organizations should: 1) Identify systems using Realtek rtl8180 or rtl8185 wireless cards and verify the Linux kernel version and wpa_supplicant version in use. 2) Apply the official Linux kernel patch that prevents use of uninitialized tx queues for these cards, or upgrade to a Linux kernel version that includes this fix. 3) If patching is not immediately possible, consider downgrading wpa_supplicant to version 2.9 or earlier to avoid triggering the issue. 4) Where feasible, replace legacy rtl8180/rtl8185 wireless hardware with more modern, supported devices that do not exhibit this vulnerability. 5) Monitor system logs for kernel panics or wireless connection failures that may indicate attempts to trigger this vulnerability. 6) Implement network segmentation and access controls to limit exposure of vulnerable systems to untrusted wireless networks. These steps go beyond generic advice by focusing on hardware identification, specific software version management, and hardware replacement planning.