[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2024071621-CVE-2022-48837-9325@gregkh>
Date: Tue, 16 Jul 2024 14:27:22 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2022-48837: usb: gadget: rndis: prevent integer overflow in rndis_set_response()
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: rndis: prevent integer overflow in rndis_set_response()
If "BufOffset" is very large the "BufOffset + 8" operation can have an
integer overflow.
The Linux kernel CVE team has assigned CVE-2022-48837 to this issue.
Affected and fixed versions
===========================
Issue introduced in 4.9.302 with commit ff0a90739925 and fixed in 4.9.308 with commit 8b3e4d26bc9c
Issue introduced in 4.14.267 with commit 4c22fbcef778 and fixed in 4.14.273 with commit c7953cf03a26
Issue introduced in 4.19.230 with commit db9aaa302629 and fixed in 4.19.236 with commit 138d4f739b35
Issue introduced in 5.4.180 with commit c9e952871ae4 and fixed in 5.4.187 with commit 218293762683
Issue introduced in 5.10.101 with commit fb4ff0f96de3 and fixed in 5.10.108 with commit 28bc0267399f
Issue introduced in 5.15.24 with commit 2da3b0ab54fb and fixed in 5.15.31 with commit 56b38e3ca406
Issue introduced in 5.16.10 with commit 2724ebafda0a and fixed in 5.16.17 with commit df7e088d51cd
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-48837
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/usb/gadget/function/rndis.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/8b3e4d26bc9cd0f6373d0095b9ffd99e7da8006b
https://git.kernel.org/stable/c/c7953cf03a26876d676145ce5d2ae6d8c9630b90
https://git.kernel.org/stable/c/138d4f739b35dfb40438a0d5d7054965763bfbe7
https://git.kernel.org/stable/c/21829376268397f9fd2c35cfa9135937b6aa3a1e
https://git.kernel.org/stable/c/28bc0267399f42f987916a7174e2e32f0833cc65
https://git.kernel.org/stable/c/56b38e3ca4064041d93c1ca18828c8cedad2e16c
https://git.kernel.org/stable/c/df7e088d51cdf78b1a0bf1f3d405c2593295c7b0
https://git.kernel.org/stable/c/65f3324f4b6fed78b8761c3b74615ecf0ffa81fa
Powered by blists - more mailing lists