cve-2022-48866
Vulnerability from cvelistv5
Published
2024-07-16 12:25
Modified
2024-12-19 08:09
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts Syzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug. The root case is in missing validation check of actual number of endpoints. Code should not blindly access usb_host_interface::endpoint array, since it may contain less endpoints than code expects. Fix it by adding missing validaion check and print an error if number of endpoints do not match expected number
Impacted products
Vendor Product Version
Linux Linux Version: 5.13
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:25:01.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3ffbe85cda7f523dad896bae08cecd8db8b555ab"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/56185434e1e50acecee56d8f5850135009b87947"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fc3ef2e3297b3c0e2006b5d7b3d66965e3392036"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48866",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:25:15.923244Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:06.872Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-thrustmaster.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3ffbe85cda7f523dad896bae08cecd8db8b555ab",
              "status": "affected",
              "version": "c49c33637802a2c6957a78119eb8be3b055dd9e9",
              "versionType": "git"
            },
            {
              "lessThan": "56185434e1e50acecee56d8f5850135009b87947",
              "status": "affected",
              "version": "c49c33637802a2c6957a78119eb8be3b055dd9e9",
              "versionType": "git"
            },
            {
              "lessThan": "fc3ef2e3297b3c0e2006b5d7b3d66965e3392036",
              "status": "affected",
              "version": "c49c33637802a2c6957a78119eb8be3b055dd9e9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-thrustmaster.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts\n\nSyzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug.\nThe root case is in missing validation check of actual number of endpoints.\n\nCode should not blindly access usb_host_interface::endpoint array, since\nit may contain less endpoints than code expects.\n\nFix it by adding missing validaion check and print an error if\nnumber of endpoints do not match expected number"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T08:09:28.791Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3ffbe85cda7f523dad896bae08cecd8db8b555ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/56185434e1e50acecee56d8f5850135009b87947"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc3ef2e3297b3c0e2006b5d7b3d66965e3392036"
        }
      ],
      "title": "HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48866",
    "datePublished": "2024-07-16T12:25:28.571Z",
    "dateReserved": "2024-07-16T11:38:08.920Z",
    "dateUpdated": "2024-12-19T08:09:28.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-48866\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-16T13:15:13.377\",\"lastModified\":\"2024-11-21T07:34:14.620\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nHID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts\\n\\nSyzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug.\\nThe root case is in missing validation check of actual number of endpoints.\\n\\nCode should not blindly access usb_host_interface::endpoint array, since\\nit may contain less endpoints than code expects.\\n\\nFix it by adding missing validaion check and print an error if\\nnumber of endpoints do not match expected number\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: HID: hid-thrustmaster: corrige la lectura OOB en Thrustmaster_interrupts Syzbot inform\u00f3 un error de lectura fuera de los l\u00edmites en Thrustmaster_probe(). El caso ra\u00edz es la falta de verificaci\u00f3n de validaci\u00f3n del n\u00famero real de endpoints. El c\u00f3digo no debe acceder ciegamente a usb_host_interface::endpoint array, ya que puede contener menos endpoints de los que espera el c\u00f3digo. Solucionelo agregando una verificaci\u00f3n de validaci\u00f3n faltante e imprima un error si el n\u00famero de endpoints no coincide con el n\u00famero esperado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.13\",\"versionEndExcluding\":\"5.15.29\",\"matchCriteriaId\":\"062C5263-014B-4069-BEBB-ADFE8EA1AF10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"5.16.15\",\"matchCriteriaId\":\"83FDEDF2-0E19-4879-91FD-171E66D1B335\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3ffbe85cda7f523dad896bae08cecd8db8b555ab\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/56185434e1e50acecee56d8f5850135009b87947\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fc3ef2e3297b3c0e2006b5d7b3d66965e3392036\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3ffbe85cda7f523dad896bae08cecd8db8b555ab\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/56185434e1e50acecee56d8f5850135009b87947\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fc3ef2e3297b3c0e2006b5d7b3d66965e3392036\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.