Vulnerability identifier: #VU92976
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the usb_kill_urb() and usb_poison_urb() functions in drivers/usb/core/urb.c and within the __usb_hcd_giveback_urb() function in drivers/usb/core/hcd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/5f138ef224dffd15d5e5c5b095859719e0038427
https://git.kernel.org/stable/c/b50f5ca60475710bbc9a3af32fbfc17b1e69c2f0
https://git.kernel.org/stable/c/546ba238535d925254e0b3f12012a5c55801e2f3
https://git.kernel.org/stable/c/5904dfd3ddaff3bf4a41c3baf0a8e8f31ed4599b
https://git.kernel.org/stable/c/9c61fce322ac2ef7fecf025285353570d60e41d6
https://git.kernel.org/stable/c/e3b131e30e612ff0e32de6c1cb4f69f89db29193
https://git.kernel.org/stable/c/9340226388c66a7e090ebb00e91ed64a753b6c26
https://git.kernel.org/stable/c/c9a18f7c5b071dce5e6939568829d40994866ab0
https://git.kernel.org/stable/c/26fbe9772b8c459687930511444ce443011f86bf
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.