CVE-2022-48837 usb: gadget: rndis: prevent integer overflow in rndis_set_response()

2024-07-1612:25:09

Linux

www.cve.org

linux kernel

usb

gadget

rndis

integer overflow

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: rndis: prevent integer overflow in rndis_set_response()

If “BufOffset” is very large the “BufOffset + 8” operation can have an
integer overflow.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/usb/gadget/function/rndis.c"
    ],
    "versions": [
      {
        "version": "ff0a90739925",
        "lessThan": "8b3e4d26bc9c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "4c22fbcef778",
        "lessThan": "c7953cf03a26",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "db9aaa302629",
        "lessThan": "138d4f739b35",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "c9e952871ae4",
        "lessThan": "218293762683",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "fb4ff0f96de3",
        "lessThan": "28bc0267399f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "2da3b0ab54fb",
        "lessThan": "56b38e3ca406",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "2724ebafda0a",
        "lessThan": "df7e088d51cd",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "38ea1eac7d88",
        "lessThan": "65f3324f4b6f",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/usb/gadget/function/rndis.c"
    ],
    "versions": [
      {
        "version": "4.9.302",
        "lessThan": "4.9.308",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "4.14.267",
        "lessThan": "4.14.273",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "4.19.230",
        "lessThan": "4.19.236",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.4.180",
        "lessThan": "5.4.187",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.10.101",
        "lessThan": "5.10.108",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.15.24",
        "lessThan": "5.15.31",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "5.16.10",
        "lessThan": "5.16.17",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]