CVE-2022-48948

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: uvc: Prevent buffer overflow in setup handler

Setup function uvc_function_setup permits control transfer
requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE),
data stage handler for OUT transfer uses memcpy to copy req->actual
bytes to uvc_event->data.data array of size 60. This may result
in an overflow of 4 bytes.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
LinuxCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
VendorProductVersion
linuxlinux_kernel
2.6.35 ≤
𝑥
< 4.9.337
linuxlinux_kernel
4.10 ≤
𝑥
< 4.14.303
linuxlinux_kernel
4.15 ≤
𝑥
< 4.19.270
linuxlinux_kernel
4.20 ≤
𝑥
< 5.4.229
linuxlinux_kernel
5.5 ≤
𝑥
< 5.10.161
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.85
linuxlinux_kernel
5.16 ≤
𝑥
< 6.0.15
linuxlinux_kernel
6.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.226-1
fixed
bookworm
6.1.106-3
fixed
bookworm (security)
6.1.112-1
fixed
trixie
6.11.5-1
fixed
sid
6.11.6-1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/06fd17ee92c8f1704c7e54ec0fd50ae0542a49a5
https://git.kernel.org/stable/c/4972e3528b968665b596b5434764ff8fd9446d35
https://git.kernel.org/stable/c/4c92670b16727365699fe4b19ed32013bab2c107
https://git.kernel.org/stable/c/6b41a35b41f77821db24f2d8f66794b390a585c5
https://git.kernel.org/stable/c/7b1f773277a72f9756d47a41b94e43506cce1954
https://git.kernel.org/stable/c/b8fb1cba934ea122b50f13a4f9d6fc4fdc43d2be
https://git.kernel.org/stable/c/bc8380fe5768c564f921f7b4eaba932e330b9e4b
https://git.kernel.org/stable/c/c79538f32df12887f110dcd6b9c825b482905f24
https://git.kernel.org/stable/c/d1a92bb8d697f170d93fe922da763d7d156b8841