Lucene search

416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2022-48938

HistoryAug 22, 2024 - 4:15 a.m.

CVE-2022-48938

2024-08-2204:15:17

CWE-190

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

vulnerability

cdc-ncm

overflow

sanity checking

integer overflow

unsigned

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.0%

JSON

In the Linux kernel, the following vulnerability has been resolved:

CDC-NCM: avoid overflow in sanity checking

A broken device may give an extreme offset like 0xFFF0
and a reasonable length for a fragment. In the sanity
check as formulated now, this will create an integer
overflow, defeating the sanity check. Both offset
and offset + len need to be checked in such a manner
that no overflow can occur.
And those quantities should be unsigned.

Affected configurations

Nvd

Node

linuxlinux_kernelRange<5.10.103

linuxlinux_kernelRange5.11–5.15.26

linuxlinux_kernelRange5.16–5.16.12

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

git.kernel.org/stable/c/49909c9f8458cacb5b241106cba65aba5a6d8f4c

git.kernel.org/stable/c/69560efa001397ebb8dc1c3e6a3ce00302bb9f7f

git.kernel.org/stable/c/7b737e47b87589031f0d4657f6d7b0b770474925

git.kernel.org/stable/c/8d2b1a1ec9f559d30b724877da4ce592edc41fdc

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.0%

JSON

Related for NVD:CVE-2022-48938