CVE-2022-48866

HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts

Severity Score

7.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts

Syzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug.
The root case is in missing validation check of actual number of endpoints.

Code should not blindly access usb_host_interface::endpoint array, since
it may contain less endpoints than code expects.

Fix it by adding missing validaion check and print an error if
number of endpoints do not match expected number

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: HID: hid-thrustmaster: corrige la lectura OOB en Thrustmaster_interrupts Syzbot informó un error de lectura fuera de los límites en Thrustmaster_probe(). El caso raíz es la falta de verificación de validación del número real de endpoints. El código no debe acceder ciegamente a usb_host_interface::endpoint array, ya que puede contener menos endpoints de los que espera el código. Solucionelo agregando una verificación de validación faltante e imprima un error si el número de endpoints no coincide con el número esperado

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-16 CVE Reserved
2024-07-16 CVE Published
2024-07-24 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-125: Out-of-bounds Read

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/c49c33637802a2c6957a78119eb8be3b055dd9e9	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/3ffbe85cda7f523dad896bae08cecd8db8b555ab	2022-03-16
https://git.kernel.org/stable/c/56185434e1e50acecee56d8f5850135009b87947	2022-03-16
https://git.kernel.org/stable/c/fc3ef2e3297b3c0e2006b5d7b3d66965e3392036	2022-02-21

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-48866	2024-09-24
https://bugzilla.redhat.com/show_bug.cgi?id=2298640	2024-09-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.15.29 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.15.29"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.16.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.16.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.13 < 5.17 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.13 < 5.17"		en		Affected