CVE-2022-25375

🗓️ 20 Feb 2022 20:18:15Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 147 Views🌐 WEB

An issue in Linux kernel USB gadget allows for sensitive information retrieva

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 83
RedhatCVE	CVE-2022-25375	2 Mar 202210:53	–	redhatcve
NVD	CVE-2022-25375	20 Feb 202220:15	–	nvd
Debian CVE	CVE-2022-25375	20 Feb 202220:15	–	debiancve
Cvelist	CVE-2022-25375	20 Feb 202219:47	–	cvelist
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2022-25375	5 Mar 202500:00	–	nessus
Tenable Nessus	Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5540-1)	29 Jul 202200:00	–	nessus
Tenable Nessus	SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0763-1)	22 Mar 202200:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2022:0760-1)	22 Mar 202200:00	–	nessus
Tenable Nessus	Photon OS 3.0: Linux PHSA-2022-3.0-0370	24 Jul 202400:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : kernel (openSUSE-SU-2022:0760-1)	10 Mar 202200:00	–	nessus

Nvd

Node

linux linux_kernelRange<5.16.10

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

Source	Link
debian	www.debian.org/security/2022/dsa-5096
lists	www.lists.debian.org/debian-lts-announce/2022/03/msg00011.html
lists	www.lists.debian.org/debian-lts-announce/2022/03/msg00012.html
github	www.github.com/szymonh/rndis-co
cdn	www.cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10
github	www.github.com/torvalds/linux/commit/38ea1eac7d88072bbffb630e2b3db83ca649b826
debian	www.debian.org/security/2022/dsa-5092
openwall	www.openwall.com/lists/oss-security/2022/02/21/1

Parameter	Position	Path	Description	CWE
InformationBufferOffset	request body	/drivers/usb/gadget/function/rndis.c	The RNDIS USB Gadget may be exploited to dump contents of kernel memory space due to lack of validation of buffer boundaries.	CWE-1284
InformationBufferLength	request body	/drivers/usb/gadget/function/rndis.c	The RNDIS USB Gadget may be exploited to dump contents of kernel memory space due to lack of validation of buffer boundaries.	CWE-1284

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

20 Feb 2022 20:15Current

6.1Medium risk

Vulners AI Score6.1

CVSS22.1

CVSS35.5

EPSS0.00224

CWE-1284