5.5
CVE-2022-48836
- EPSS 0.24%
- Veröffentlicht 16.07.2024 13:15:11
- Zuletzt bearbeitet 21.11.2024 07:34:10
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
Input: aiptek - properly check endpoint type
In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint. Fix it by replacing old desc.bNumEndpoints check with usb_find_common_endpoints() helper for finding endpoints Fail log: usb 5-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 2 PID: 48 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502 Modules linked in: CPU: 2 PID: 48 Comm: kworker/2:2 Not tainted 5.17.0-rc6-syzkaller-00226-g07ebd38a0da2 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014 Workqueue: usb_hub_wq hub_event ... Call Trace: <TASK> aiptek_open+0xd5/0x130 drivers/input/tablet/aiptek.c:830 input_open_device+0x1bb/0x320 drivers/input/input.c:629 kbd_connect+0xfe/0x160 drivers/tty/vt/keyboard.c:1593
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.4 < 4.9.308
Linux ≫ Linux Kernel Version >= 4.10 < 4.14.273
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.236
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.187
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.108
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.31
Linux ≫ Linux Kernel Version >= 5.16 < 5.16.17
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.151 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
https://git.kernel.org/stable/c/35069e654bcab567ff8b9f0e68e1caf82c15dcd7
https://git.kernel.org/stable/c/5600f6986628dde8881734090588474f54a540a8
https://git.kernel.org/stable/c/57277a8b5d881e02051ba9d7f6cb3f915c229821
https://git.kernel.org/stable/c/6de20111cd0bb7da9b2294073ba00c7d2a6c1c4f
https://git.kernel.org/stable/c/e732b0412f8c603d1e998f3bff41b5e7d5c3914c
https://git.kernel.org/stable/c/e762f57ff255af28236cd02ca9fc5c7e5a089d31
https://git.kernel.org/stable/c/f0d43d22d24182b94d7eb78a2bf6ae7e2b33204a
https://git.kernel.org/stable/c/fc8033a55e2796d21e370260a784ac9fbb8305a6