CVE-2022-48837

EPSS 0.02%
Published 16.07.2024 13:15:11
Last modified 21.11.2024 07:34:10
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: rndis: prevent integer overflow in rndis_set_response()

If "BufOffset" is very large the "BufOffset + 8" operation can have an
integer overflow.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.9.302 < 4.9.308

Linux ≫ Linux Kernel Version >= 4.14.267 < 4.14.273

Linux ≫ Linux Kernel Version >= 4.19.230 < 4.19.236

Linux ≫ Linux Kernel Version >= 5.4.180 < 5.4.187

Linux ≫ Linux Kernel Version >= 5.10.101 < 5.10.108

Linux ≫ Linux Kernel Version >= 5.15.24 < 5.15.31

Linux ≫ Linux Kernel Version >= 5.16.10 < 5.16.17

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.022

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/138d4f739b35dfb40438a0d5d7054965763bfbe7

Patch

Mailing List

https://git.kernel.org/stable/c/21829376268397f9fd2c35cfa9135937b6aa3a1e

Patch

Mailing List

https://git.kernel.org/stable/c/28bc0267399f42f987916a7174e2e32f0833cc65

Patch

Mailing List

https://git.kernel.org/stable/c/56b38e3ca4064041d93c1ca18828c8cedad2e16c

Patch

Mailing List