CVE-2022-48836

Summary

In the Linux kernel, the following vulnerability has been resolved:

Input: aiptek - properly check endpoint type

Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint.

Fix it by replacing old desc.bNumEndpoints check with usb_find_common_endpoints() helper for finding endpoints

Fail log:

usb 5-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 2 PID: 48 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502 Modules linked in: CPU: 2 PID: 48 Comm: kworker/2:2 Not tainted 5.17.0-rc6-syzkaller-00226-g07ebd38a0da2 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014 Workqueue: usb_hub_wq hub_event … Call Trace: <TASK> aiptek_open+0xd5/0x130 drivers/input/tablet/aiptek.c:830 input_open_device+0x1bb/0x320 drivers/input/input.c:629 kbd_connect+0xfe/0x160 drivers/tty/vt/keyboard.c:1593

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8e20cf2bce122ce9262d6034ee5d5b76fbb92f96 < 57277a8b5d881e02051ba9d7f6cb3f915c229821affected
LinuxLinux8e20cf2bce122ce9262d6034ee5d5b76fbb92f96 < fc8033a55e2796d21e370260a784ac9fbb8305a6affected
LinuxLinux8e20cf2bce122ce9262d6034ee5d5b76fbb92f96 < 6de20111cd0bb7da9b2294073ba00c7d2a6c1c4faffected
LinuxLinux8e20cf2bce122ce9262d6034ee5d5b76fbb92f96 < e732b0412f8c603d1e998f3bff41b5e7d5c3914caffected
LinuxLinux8e20cf2bce122ce9262d6034ee5d5b76fbb92f96 < f0d43d22d24182b94d7eb78a2bf6ae7e2b33204aaffected
LinuxLinux8e20cf2bce122ce9262d6034ee5d5b76fbb92f96 < e762f57ff255af28236cd02ca9fc5c7e5a089d31affected
LinuxLinux8e20cf2bce122ce9262d6034ee5d5b76fbb92f96 < 35069e654bcab567ff8b9f0e68e1caf82c15dcd7affected
LinuxLinux8e20cf2bce122ce9262d6034ee5d5b76fbb92f96 < 5600f6986628dde8881734090588474f54a540a8affected
LinuxLinux90eb3c037fe3f0f25f01713a92725a8daa2b41f3affected
LinuxLinuxa7c0ba06670f99c252d5bb74258dddbf50fef837affected
LinuxLinux3.2.79 < 3.3affected
LinuxLinux3.12.53 < 3.13affected
LinuxLinux4.4affected
LinuxLinux0 < 4.4unaffected
LinuxLinux4.9.308 <= 4.9.*unaffected
LinuxLinux4.14.273 <= 4.14.*unaffected
LinuxLinux4.19.236 <= 4.19.*unaffected
LinuxLinux5.4.187 <= 5.4.*unaffected
LinuxLinux5.10.108 <= 5.10.*unaffected
LinuxLinux5.15.31 <= 5.15.*unaffected
LinuxLinux5.16.17 <= 5.16.*unaffected
LinuxLinux5.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References