5.5

CVE-2022-49984

HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report

In the Linux kernel, the following vulnerability has been resolved:

HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report

It is possible for a malicious device to forgo submitting a Feature
Report.  The HID Steam driver presently makes no prevision for this
and de-references the 'struct hid_report' pointer obtained from the
HID devices without first checking its validity.  Let's change that.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.18 < 4.19.257
LinuxLinux Kernel Version >= 4.20 < 5.4.212
LinuxLinux Kernel Version >= 5.5 < 5.10.141
LinuxLinux Kernel Version >= 5.11 < 5.15.65
LinuxLinux Kernel Version >= 5.16 < 5.19.7
LinuxLinux Kernel Version6.0 Updaterc1
LinuxLinux Kernel Version6.0 Updaterc2
LinuxLinux Kernel Version6.0 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.11
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/c20d03b82a2e3ddbb555dad4d4f3374a9763222c
Patch
https://git.kernel.org/stable/c/fa2b822d86be5b5ad54fe4fa2daca464e71ff90a
Patch
https://git.kernel.org/stable/c/dc815761948ab5b8c94db6cb53c95103588f16ae
Patch
https://git.kernel.org/stable/c/989560b6d9e00d99e07bc33067fa1c770994bf4d
Patch
https://git.kernel.org/stable/c/dee1e51b54794e90763e70a3c78f27ba4fa930ec
Patch
https://git.kernel.org/stable/c/cd11d1a6114bd4bc6450ae59f6e110ec47362126
Patch