We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2022-48948

usb: gadget: uvc: Prevent buffer overflow in setup handler



AssignerLinux
Reserved2024-08-22
Published2024-10-21
Updated2024-11-04

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), data stage handler for OUT transfer uses memcpy to copy req->actual bytes to uvc_event->data.data array of size 60. This may result in an overflow of 4 bytes.

Product status

Default status
unaffected

cdda479f15cd before 4972e3528b96
affected

cdda479f15cd before 06fd17ee92c8
affected

cdda479f15cd before bc8380fe5768
affected

cdda479f15cd before b8fb1cba934e
affected

cdda479f15cd before c79538f32df1
affected

cdda479f15cd before 6b41a35b41f7
affected

cdda479f15cd before 7b1f773277a7
affected

cdda479f15cd before d1a92bb8d697
affected

cdda479f15cd before 4c92670b1672
affected

Default status
affected

2.6.35
affected

Any version before 2.6.35
unaffected

4.9.337
unaffected

4.14.303
unaffected

4.19.270
unaffected

5.4.229
unaffected

5.10.161
unaffected

5.15.85
unaffected

6.0.15
unaffected

6.1.1
unaffected

6.2
unaffected

References

https://git.kernel.org/stable/c/4972e3528b968665b596b5434764ff8fd9446d35

https://git.kernel.org/stable/c/06fd17ee92c8f1704c7e54ec0fd50ae0542a49a5

https://git.kernel.org/stable/c/bc8380fe5768c564f921f7b4eaba932e330b9e4b

https://git.kernel.org/stable/c/b8fb1cba934ea122b50f13a4f9d6fc4fdc43d2be

https://git.kernel.org/stable/c/c79538f32df12887f110dcd6b9c825b482905f24

https://git.kernel.org/stable/c/6b41a35b41f77821db24f2d8f66794b390a585c5

https://git.kernel.org/stable/c/7b1f773277a72f9756d47a41b94e43506cce1954

https://git.kernel.org/stable/c/d1a92bb8d697f170d93fe922da763d7d156b8841

https://git.kernel.org/stable/c/4c92670b16727365699fe4b19ed32013bab2c107

cve.org CVE-2022-48948

nvd.nist.gov CVE-2022-48948

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.