CVE-2022-23467 Out of Bounds Read in OpenRazer Driver

2022-12-0519:22:30

CWE-125

GitHub_M

www.cve.org

openrazer

out of bounds read

vulnerability

usb devices

patch

gnu/linux

users advisory

4.4 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.5%

JSON

OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the razer_attr_read_dpi_stages, potentially bypassing KASLR. To exploit this vulnerability an attacker would need to access to a users keyboard or mouse or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices.

CNA Affected

[
  {
    "vendor": "openrazer",
    "product": "openrazer",
    "versions": [
      {
        "version": "< 3.5.1",
        "status": "affected"
      }
    ]
  }
]