An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.
References
Link | Resource |
---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10 | Release Notes Vendor Advisory |
https://github.com/szymonh/d-os-descriptor | Issue Tracking Third Party Advisory |
https://github.com/torvalds/linux/commit/75e5b4849b81e19e9efe1654b30d7f3151c33c2c | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCW2KZYJ2H6BKZE3CVLHRIXYDGNYYC5P/ | |
https://security.netapp.com/advisory/ntap-20221028-0007/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5092 | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5096 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
History
07 Nov 2023, 03:44
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
07 Dec 2022, 02:12
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* |
|
First Time |
Netapp active Iq Unified Manager
Netapp h500s Netapp h700s Netapp h700s Firmware Netapp h410c Firmware Netapp Netapp h410s Netapp h300s Netapp h300s Firmware Netapp h500s Firmware Netapp h410c Netapp h410s Firmware |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20221028-0007/ - Third Party Advisory |
28 Oct 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 May 2022, 14:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
|
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5096 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5092 - Third Party Advisory | |
First Time |
Debian debian Linux
Debian |
10 Mar 2022, 17:47
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Feb 2022, 20:23
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10 - Release Notes, Vendor Advisory | |
References | (MISC) https://github.com/torvalds/linux/commit/75e5b4849b81e19e9efe1654b30d7f3151c33c2c - Patch, Third Party Advisory | |
References | (MISC) https://github.com/szymonh/d-os-descriptor - Issue Tracking, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCW2KZYJ2H6BKZE3CVLHRIXYDGNYYC5P/ - Mailing List, Third Party Advisory | |
First Time |
Linux linux Kernel
Fedoraproject fedora Linux Fedoraproject |
|
CVSS |
v2 : v3 : |
v2 : 4.9
v3 : 4.6 |
CPE | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
|
CWE | CWE-476 |
25 Feb 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Feb 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur. |
16 Feb 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-16 20:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-25258
Mitre link : CVE-2022-25258
CVE.ORG link : CVE-2022-25258
JSON object : View
Products Affected
netapp
- h500s
- h410c
- h700s_firmware
- h410s
- h500s_firmware
- h300s
- h700s
- h300s_firmware
- active_iq_unified_manager
- h410s_firmware
- h410c_firmware
linux
- linux_kernel
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-476
NULL Pointer Dereference