We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-48948

usb: gadget: uvc: Prevent buffer overflow in setup handler



Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), data stage handler for OUT transfer uses memcpy to copy req->actual bytes to uvc_event->data.data array of size 60. This may result in an overflow of 4 bytes.

Reserved 2024-08-22 | Published 2024-10-21 | Updated 2024-12-19 | Assigner Linux

Product status

Default status
unaffected

cdda479f15cd13fa50a913ca85129c0437cc7b91 before 4972e3528b968665b596b5434764ff8fd9446d35
affected

cdda479f15cd13fa50a913ca85129c0437cc7b91 before 06fd17ee92c8f1704c7e54ec0fd50ae0542a49a5
affected

cdda479f15cd13fa50a913ca85129c0437cc7b91 before bc8380fe5768c564f921f7b4eaba932e330b9e4b
affected

cdda479f15cd13fa50a913ca85129c0437cc7b91 before b8fb1cba934ea122b50f13a4f9d6fc4fdc43d2be
affected

cdda479f15cd13fa50a913ca85129c0437cc7b91 before c79538f32df12887f110dcd6b9c825b482905f24
affected

cdda479f15cd13fa50a913ca85129c0437cc7b91 before 6b41a35b41f77821db24f2d8f66794b390a585c5
affected

cdda479f15cd13fa50a913ca85129c0437cc7b91 before 7b1f773277a72f9756d47a41b94e43506cce1954
affected

cdda479f15cd13fa50a913ca85129c0437cc7b91 before d1a92bb8d697f170d93fe922da763d7d156b8841
affected

cdda479f15cd13fa50a913ca85129c0437cc7b91 before 4c92670b16727365699fe4b19ed32013bab2c107
affected

Default status
affected

2.6.35
affected

Any version before 2.6.35
unaffected

4.9.337
unaffected

4.14.303
unaffected

4.19.270
unaffected

5.4.229
unaffected

5.10.161
unaffected

5.15.85
unaffected

6.0.15
unaffected

6.1.1
unaffected

6.2
unaffected

References

git.kernel.org/...c/4972e3528b968665b596b5434764ff8fd9446d35

git.kernel.org/...c/06fd17ee92c8f1704c7e54ec0fd50ae0542a49a5

git.kernel.org/...c/bc8380fe5768c564f921f7b4eaba932e330b9e4b

git.kernel.org/...c/b8fb1cba934ea122b50f13a4f9d6fc4fdc43d2be

git.kernel.org/...c/c79538f32df12887f110dcd6b9c825b482905f24

git.kernel.org/...c/6b41a35b41f77821db24f2d8f66794b390a585c5

git.kernel.org/...c/7b1f773277a72f9756d47a41b94e43506cce1954

git.kernel.org/...c/d1a92bb8d697f170d93fe922da763d7d156b8841

git.kernel.org/...c/4c92670b16727365699fe4b19ed32013bab2c107

cve.org (CVE-2022-48948)

nvd.nist.gov (CVE-2022-48948)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2022-48948

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.

© Copyright 2024 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.