7.8

CVE-2022-48948

usb: gadget: uvc: Prevent buffer overflow in setup handler

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: uvc: Prevent buffer overflow in setup handler

Setup function uvc_function_setup permits control transfer
requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE),
data stage handler for OUT transfer uses memcpy to copy req->actual
bytes to uvc_event->data.data array of size 60. This may result
in an overflow of 4 bytes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.35 < 4.9.337
LinuxLinux Kernel Version >= 4.10 < 4.14.303
LinuxLinux Kernel Version >= 4.15 < 4.19.270
LinuxLinux Kernel Version >= 4.20 < 5.4.229
LinuxLinux Kernel Version >= 5.5 < 5.10.161
LinuxLinux Kernel Version >= 5.11 < 5.15.85
LinuxLinux Kernel Version >= 5.16 < 6.0.15
LinuxLinux Kernel Version6.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.185
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

https://git.kernel.org/stable/c/06fd17ee92c8f1704c7e54ec0fd50ae0542a49a5
Patch
https://git.kernel.org/stable/c/4972e3528b968665b596b5434764ff8fd9446d35
Patch
https://git.kernel.org/stable/c/4c92670b16727365699fe4b19ed32013bab2c107
Patch
https://git.kernel.org/stable/c/6b41a35b41f77821db24f2d8f66794b390a585c5
Patch
https://git.kernel.org/stable/c/7b1f773277a72f9756d47a41b94e43506cce1954
Patch
https://git.kernel.org/stable/c/b8fb1cba934ea122b50f13a4f9d6fc4fdc43d2be
Patch
https://git.kernel.org/stable/c/bc8380fe5768c564f921f7b4eaba932e330b9e4b
Patch
https://git.kernel.org/stable/c/c79538f32df12887f110dcd6b9c825b482905f24
Patch
https://git.kernel.org/stable/c/d1a92bb8d697f170d93fe922da763d7d156b8841
Patch