Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2022-48938
HistoryAug 22, 2024 - 3:31 a.m.

CVE-2022-48938 CDC-NCM: avoid overflow in sanity checking

2024-08-2203:31:33
Linux
www.cve.org
4
cve-2022-48938
cdc-ncm
linux kernel
integer overflow
sanity check

EPSS

0

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

CDC-NCM: avoid overflow in sanity checking

A broken device may give an extreme offset like 0xFFF0
and a reasonable length for a fragment. In the sanity
check as formulated now, this will create an integer
overflow, defeating the sanity check. Both offset
and offset + len need to be checked in such a manner
that no overflow can occur.
And those quantities should be unsigned.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/usb/cdc_ncm.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "69560efa0013",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "49909c9f8458",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "7b737e47b875",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "8d2b1a1ec9f5",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/usb/cdc_ncm.c"
    ],
    "versions": [
      {
        "version": "5.10.103",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.26",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16.12",
        "lessThanOrEqual": "5.16.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

ubuntucve 1
debiancve 1
vulnrichment 1
osv 7
cve 1
nvd 1
redhatcve 1
redos 1
nessus 5
openvas 1
ubuntucve
ubuntucve
CVE-2022-48938
2024-08-22 00:00:00
debiancve
debiancve
CVE-2022-48938
2024-08-22 04:15:17
vulnrichment
vulnrichment
CVE-2022-48938 CDC-NCM: avoid overflow in sanity checking
2024-08-22 03:31:33
osv
osv
CVE-2022-48938
2024-08-22 04:15:17
Security update for the Linux Kernel
2024-09-12 13:26:12
Security update for the Linux Kernel
2024-09-10 08:45:03
cve
cve
CVE-2022-48938
2024-08-22 04:15:17
nvd
nvd
CVE-2022-48938
2024-08-22 04:15:17
redhatcve
redhatcve
CVE-2022-48938
2024-08-22 15:16:43
redos
redos
ROS-20240828-07
2024-08-28 00:00:00
nessus
nessus
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:3189-1)
2024-09-11 00:00:00
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:3251-1)
2024-09-17 00:00:00
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:3252-1)
2024-09-17 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:3252-1)
2024-09-17 00:00:00

EPSS

0

Percentile

5.0%

JSON
Related for CVELIST:CVE-2022-48938
ubuntucve1debiancve1vulnrichment1osv7cve1nvd1redhatcve1redos1nessus5openvas1