Lucene search

[email protected]CVE-2022-27223

HistoryMar 16, 2022 - 12:15 a.m.

CVE-2022-27223

2022-03-1600:15:00

CWE-129

[email protected]

web.nvd.nist.gov

149

cve

linux kernel

endpoint index

validation

out-of-array access

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

47.5%

JSON

In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt5.16.12
linux:linux_kernellinux linux kernellt5.15.26
linux:linux_kernellinux linux kernellt5.10.103
linux:linux_kernellinux linux kernellt5.4.182
linux:linux_kernellinux linux kernellt4.19.232
linux:linux_kernellinux linux kernellt4.14.269
linux:linux_kernellinux linux kernellt4.9.304
netapp:active_iq_unified_managernetapp active iq unified managereq-
netapp:h500s_firmwarenetapp h500s firmwareeq-
netapp:h700s_firmwarenetapp h700s firmwareeq-

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	5.16.12
linux:linux_kernel	linux linux kernel	lt	5.15.26
linux:linux_kernel	linux linux kernel	lt	5.10.103
linux:linux_kernel	linux linux kernel	lt	5.4.182
linux:linux_kernel	linux linux kernel	lt	4.19.232
linux:linux_kernel	linux linux kernel	lt	4.14.269
linux:linux_kernel	linux linux kernel	lt	4.9.304
netapp:active_iq_unified_manager	netapp active iq unified manager	eq	-
netapp:h500s_firmware	netapp h500s firmware	eq	-
netapp:h700s_firmware	netapp h700s firmware	eq	-