Published: 16/02/2022 Updated: 07/11/2023

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 4.6 | Impact Score: 3.6 | Exploitability Score: 0.9

VMScore: 436

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

An issue exists in drivers/usb/gadget/composite.c in the Linux kernel prior to 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
fedoraproject fedora 35
debian debian linux 9.0
debian debian linux 10.0
debian debian linux 11.0
netapp active iq unified manager -
netapp h300s_firmware -
netapp h500s_firmware -
netapp h700s_firmware -
netapp h410s_firmware -
netapp h410c_firmware -

Several security issues were fixed in the Linux kernel ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2020-29374 Jann Horn of Google reported a flaw in Linux's virtual memory management A parent and child process initially share all their memory, but when either writes to a shared page, ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2021-43976 Zekun Shen and Brendan Dolan-Gavitt discovered a flaw in the mwifiex_usb_recv() function of the Marvell WiFi-Ex USB Driver An attacker able to connect a crafted USB device can ...

An issue was discovered in the Linux kernel before 51610 The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval) Memory corruption might occur ...

CVE-2022-25258 - Demo exploit targeting usb gadget's os descriptor handler

d-os-descriptor Summary The USB Gadget Subsystem includes security issues in the OS descriptor handling section of composite_setup function (compositec) Processing of properly crafted control transfer request messages result in device crash due to null pointer dereference or memory corruption Description The OS descriptor handling section of composite_setup for interface rec

CWE-476 https://github.com/torvalds/linux/commit/75e5b4849b81e19e9efe1654b30d7f3151c33c2c https://github.com/szymonh/d-os-descriptor https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10 https://www.debian.org/security/2022/dsa-5096 https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://www.debian.org/security/2022/dsa-5092 https://security.netapp.com/advisory/ntap-20221028-0007/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCW2KZYJ2H6BKZE3CVLHRIXYDGNYYC5P/https://nvd.nist.gov https://github.com/szymonh/d-os-descriptor https://ubuntu.com/security/notices/USN-5415-1

CVE-2022-25258

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect