In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.
References
Link | Resource |
---|---|
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.12 | Mailing List Release Notes Vendor Advisory |
https://github.com/torvalds/linux/commit/7f14c7227f342d9932f9b918893c8814f86d2a0d | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220419-0001/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
|
History
19 Jan 2023, 03:24
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html - Mailing List, Third Party Advisory | |
First Time |
Debian
Debian debian Linux |
|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
01 Jul 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Apr 2022, 19:38
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220419-0001/ - Third Party Advisory | |
CPE | cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:* cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* |
|
First Time |
Netapp h300e
Netapp h410s Netapp h410s Firmware Netapp h700s Netapp Netapp h500e Firmware Netapp h700e Firmware Netapp h300e Firmware Netapp h500s Firmware Netapp h300s Firmware Netapp active Iq Unified Manager Netapp h700s Firmware Netapp h500e Netapp h700e Netapp h500s Netapp h300s |
19 Apr 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Mar 2022, 16:12
Type | Values Removed | Values Added |
---|---|---|
First Time |
Linux linux Kernel
Linux |
|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
CWE | CWE-129 | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
References | (MISC) https://github.com/torvalds/linux/commit/7f14c7227f342d9932f9b918893c8814f86d2a0d - Patch, Third Party Advisory | |
References | (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.12 - Mailing List, Release Notes, Vendor Advisory |
16 Mar 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-16 00:15
Updated : 2024-02-08 20:50
NVD link : CVE-2022-27223
Mitre link : CVE-2022-27223
CVE.ORG link : CVE-2022-27223
JSON object : View
Products Affected
netapp
- h500s
- h700e
- h700s_firmware
- h410s
- h500s_firmware
- h300e_firmware
- h700s
- h700e_firmware
- h300s
- h300s_firmware
- active_iq_unified_manager
- h410s_firmware
- h500e_firmware
- h300e
- h500e
linux
- linux_kernel
debian
- debian_linux
CWE
CWE-129
Improper Validation of Array Index