SB20240620256 - Buffer overflow in Linux kernel usb core driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2022-48760)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the usb_kill_urb() and usb_poison_urb() functions in drivers/usb/core/urb.c, within the __usb_hcd_giveback_urb() function in drivers/usb/core/hcd.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/5f138ef224dffd15d5e5c5b095859719e0038427
• https://git.kernel.org/stable/c/b50f5ca60475710bbc9a3af32fbfc17b1e69c2f0
• https://git.kernel.org/stable/c/546ba238535d925254e0b3f12012a5c55801e2f3
• https://git.kernel.org/stable/c/5904dfd3ddaff3bf4a41c3baf0a8e8f31ed4599b
• https://git.kernel.org/stable/c/9c61fce322ac2ef7fecf025285353570d60e41d6
• https://git.kernel.org/stable/c/e3b131e30e612ff0e32de6c1cb4f69f89db29193
• https://git.kernel.org/stable/c/9340226388c66a7e090ebb00e91ed64a753b6c26
• https://git.kernel.org/stable/c/c9a18f7c5b071dce5e6939568829d40994866ab0
• https://git.kernel.org/stable/c/26fbe9772b8c459687930511444ce443011f86bf
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.265
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.228
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.302
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.300
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.96
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.19
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.5
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.176