CVE-2022-48836

Input: aiptek - properly check endpoint type

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

Input: aiptek - properly check endpoint type

Syzbot reported warning in usb_submit_urb() which is caused by wrong
endpoint type. There was a check for the number of endpoints, but not
for the type of endpoint.

Fix it by replacing old desc.bNumEndpoints check with
usb_find_common_endpoints() helper for finding endpoints

Fail log:

usb 5-1: BOGUS urb xfer, pipe 1 != type 3
WARNING: CPU: 2 PID: 48 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502
Modules linked in:
CPU: 2 PID: 48 Comm: kworker/2:2 Not tainted 5.17.0-rc6-syzkaller-00226-g07ebd38a0da2 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014
Workqueue: usb_hub_wq hub_event
...
Call Trace:
<TASK>
aiptek_open+0xd5/0x130 drivers/input/tablet/aiptek.c:830
input_open_device+0x1bb/0x320 drivers/input/input.c:629
kbd_connect+0xfe/0x160 drivers/tty/vt/keyboard.c:1593

*Credits: N/A

CVSS Scores

Red Hatv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-16 CVE Reserved
2024-07-16 CVE Published
2024-07-25 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (13)

URL	Tag	Source
https://git.kernel.org/stable/c/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96	Vuln. Introduced
https://git.kernel.org/stable/c/90eb3c037fe3f0f25f01713a92725a8daa2b41f3	Vuln. Introduced
https://git.kernel.org/stable/c/a7c0ba06670f99c252d5bb74258dddbf50fef837	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/57277a8b5d881e02051ba9d7f6cb3f915c229821	2022-03-23
https://git.kernel.org/stable/c/fc8033a55e2796d21e370260a784ac9fbb8305a6	2022-03-23
https://git.kernel.org/stable/c/6de20111cd0bb7da9b2294073ba00c7d2a6c1c4f	2022-03-23
https://git.kernel.org/stable/c/e732b0412f8c603d1e998f3bff41b5e7d5c3914c	2022-03-23
https://git.kernel.org/stable/c/f0d43d22d24182b94d7eb78a2bf6ae7e2b33204a	2022-03-23
https://git.kernel.org/stable/c/e762f57ff255af28236cd02ca9fc5c7e5a089d31	2022-03-23
https://git.kernel.org/stable/c/35069e654bcab567ff8b9f0e68e1caf82c15dcd7	2022-03-23
https://git.kernel.org/stable/c/5600f6986628dde8881734090588474f54a540a8	2022-03-15

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-48836	2024-09-24
https://bugzilla.redhat.com/show_bug.cgi?id=2298177	2024-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 4.9.308 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 4.9.308"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 4.14.273 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 4.14.273"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 4.19.236 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 4.19.236"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 5.4.187 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 5.4.187"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 5.10.108 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 5.10.108"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 5.15.31 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 5.15.31"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 5.16.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 5.16.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4 < 5.17"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.2.79 Search vendor "Linux" for product "Linux Kernel" and version "3.2.79"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				3.12.53 Search vendor "Linux" for product "Linux Kernel" and version "3.12.53"		en		Affected