CVE-2022-48837

Summary

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: rndis: prevent integer overflow in rndis_set_response()

If "BufOffset" is very large the "BufOffset + 8" operation can have an integer overflow.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxff0a90739925734c91c7e39befe3f4378e0c1369 < 8b3e4d26bc9cd0f6373d0095b9ffd99e7da8006baffected
LinuxLinux4c22fbcef778badb00fb8bb9f409daa29811c175 < c7953cf03a26876d676145ce5d2ae6d8c9630b90affected
LinuxLinuxdb9aaa3026298d652e98f777bc0f5756e2455dda < 138d4f739b35dfb40438a0d5d7054965763bfbe7affected
LinuxLinuxc9e952871ae47af784b4aef0a77db02e557074d6 < 21829376268397f9fd2c35cfa9135937b6aa3a1eaffected
LinuxLinuxfb4ff0f96de37c44236598e8b53fe43b1df36bf3 < 28bc0267399f42f987916a7174e2e32f0833cc65affected
LinuxLinux2da3b0ab54fb7f4d7c5a82757246d0ee33a47197 < 56b38e3ca4064041d93c1ca18828c8cedad2e16caffected
LinuxLinux2724ebafda0a8df08a9cb91557d33226bee80f7b < df7e088d51cdf78b1a0bf1f3d405c2593295c7b0affected
LinuxLinux38ea1eac7d88072bbffb630e2b3db83ca649b826 < 65f3324f4b6fed78b8761c3b74615ecf0ffa81faaffected
LinuxLinux4.9.302 < 4.9.308affected
LinuxLinux4.14.267 < 4.14.273affected
LinuxLinux4.19.230 < 4.19.236affected
LinuxLinux5.4.180 < 5.4.187affected
LinuxLinux5.10.101 < 5.10.108affected
LinuxLinux5.15.24 < 5.15.31affected
LinuxLinux5.16.10 < 5.16.17affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References