FKIE_CVE-2022-48866

Vulnerability from fkie_nvd - Published: 2024-07-16 13:15 - Updated: 2024-11-21 07:34
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts Syzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug. The root case is in missing validation check of actual number of endpoints. Code should not blindly access usb_host_interface::endpoint array, since it may contain less endpoints than code expects. Fix it by adding missing validaion check and print an error if number of endpoints do not match expected number
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3ffbe85cda7f523dad896bae08cecd8db8b555abPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/56185434e1e50acecee56d8f5850135009b87947Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/fc3ef2e3297b3c0e2006b5d7b3d66965e3392036Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/3ffbe85cda7f523dad896bae08cecd8db8b555abPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/56185434e1e50acecee56d8f5850135009b87947Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/fc3ef2e3297b3c0e2006b5d7b3d66965e3392036Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "062C5263-014B-4069-BEBB-ADFE8EA1AF10",
              "versionEndExcluding": "5.15.29",
              "versionStartIncluding": "5.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83FDEDF2-0E19-4879-91FD-171E66D1B335",
              "versionEndExcluding": "5.16.15",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts\n\nSyzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug.\nThe root case is in missing validation check of actual number of endpoints.\n\nCode should not blindly access usb_host_interface::endpoint array, since\nit may contain less endpoints than code expects.\n\nFix it by adding missing validaion check and print an error if\nnumber of endpoints do not match expected number"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: HID: hid-thrustmaster: corrige la lectura OOB en Thrustmaster_interrupts Syzbot inform\u00f3 un error de lectura fuera de los l\u00edmites en Thrustmaster_probe(). El caso ra\u00edz es la falta de verificaci\u00f3n de validaci\u00f3n del n\u00famero real de endpoints. El c\u00f3digo no debe acceder ciegamente a usb_host_interface::endpoint array, ya que puede contener menos endpoints de los que espera el c\u00f3digo. Solucionelo agregando una verificaci\u00f3n de validaci\u00f3n faltante e imprima un error si el n\u00famero de endpoints no coincide con el n\u00famero esperado"
    }
  ],
  "id": "CVE-2022-48866",
  "lastModified": "2024-11-21T07:34:14.620",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-16T13:15:13.377",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3ffbe85cda7f523dad896bae08cecd8db8b555ab"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/56185434e1e50acecee56d8f5850135009b87947"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/fc3ef2e3297b3c0e2006b5d7b3d66965e3392036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3ffbe85cda7f523dad896bae08cecd8db8b555ab"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/56185434e1e50acecee56d8f5850135009b87947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/fc3ef2e3297b3c0e2006b5d7b3d66965e3392036"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.