Lucene search

LinuxCVE-2022-48836

HistoryJul 16, 2024 - 1:15 p.m.

CVE-2022-48836

2024-07-1613:15:11

Linux

web.nvd.nist.gov

linux kernel

usb endpoint

vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

Low

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

Input: aiptek - properly check endpoint type

Syzbot reported warning in usb_submit_urb() which is caused by wrong
endpoint type. There was a check for the number of endpoints, but not
for the type of endpoint.

Fix it by replacing old desc.bNumEndpoints check with
usb_find_common_endpoints() helper for finding endpoints

Fail log:

usb 5-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 2 PID: 48 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502
Modules linked in:
CPU: 2 PID: 48 Comm: kworker/2:2 Not tainted 5.17.0-rc6-syzkaller-00226-g07ebd38a0da2 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Workqueue: usb_hub_wq hub_event
…
Call Trace:
<TASK>
aiptek_open+0xd5/0x130 drivers/input/tablet/aiptek.c:830
input_open_device+0x1bb/0x320 drivers/input/input.c:629
kbd_connect+0xfe/0x160 drivers/tty/vt/keyboard.c:1593

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelRange4.4–4.9.308

linuxlinux_kernelRange4.10–4.14.273

linuxlinux_kernelRange4.15–4.19.236

linuxlinux_kernelRange4.20–5.4.187

linuxlinux_kernelRange5.5–5.10.108

linuxlinux_kernelRange5.11–5.15.31

linuxlinux_kernelRange5.16–5.16.17

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/input/tablet/aiptek.c"
    ],
    "versions": [
      {
        "version": "8e20cf2bce12",
        "lessThan": "57277a8b5d88",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8e20cf2bce12",
        "lessThan": "fc8033a55e27",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8e20cf2bce12",
        "lessThan": "6de20111cd0b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8e20cf2bce12",
        "lessThan": "e732b0412f8c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8e20cf2bce12",
        "lessThan": "f0d43d22d241",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8e20cf2bce12",
        "lessThan": "e762f57ff255",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8e20cf2bce12",
        "lessThan": "35069e654bca",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8e20cf2bce12",
        "lessThan": "5600f6986628",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/input/tablet/aiptek.c"
    ],
    "versions": [
      {
        "version": "4.4",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.4",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.9.308",
        "lessThanOrEqual": "4.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.14.273",
        "lessThanOrEqual": "4.14.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.236",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.187",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.108",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.31",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16.17",
        "lessThanOrEqual": "5.16.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]