8.8
CVE-2022-27223
- EPSS 0.5%
- Veröffentlicht 16.03.2022 00:15:09
- Zuletzt bearbeitet 21.11.2024 06:55:26
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.18 < 4.9.304
Linux ≫ Linux Kernel Version >= 4.10 < 4.14.269
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.232
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.182
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.103
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.26
Linux ≫ Linux Kernel Version >= 5.16 < 5.16.12
Netapp ≫ Active Iq Unified Manager Version- SwPlatformvsphere
Netapp ≫ H500s Firmware Version-
Netapp ≫ H700s Firmware Version-
Netapp ≫ H300e Firmware Version-
Netapp ≫ H500e Firmware Version-
Netapp ≫ H700e Firmware Version-
Netapp ≫ H410s Firmware Version-
Netapp ≫ H300s Firmware Version-
Debian ≫ Debian Linux Version9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.65 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.