VDB
CISA-2022-48948
CISA-2022-48948
PUBLISHED
Reported by Linux · Published October 21, 2024
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), data stage handler for OUT transfer uses memcpy to copy req->actual bytes to uvc_event->data.data array of size 60. This may result in an overflow of 4 bytes.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | cdda479f15cd13fa50a913ca85129c0437cc7b91, cdda479f15cd13fa50a913ca85129c0437cc7b91, cdda479f15cd13fa50a913ca85129c0437cc7b91 |
| Linux | Linux | 2.6.35, 0, 4.9.337 |
| Linux | Linux | 4.19.270, cdda479f15cd13fa50a913ca85129c0437cc7b91, cdda479f15cd13fa50a913ca85129c0437cc7b91 |
| linux | linux_kernel | 2.6.35, 2.6.35, 2.6.35 |
Timeline
- Oct 21, 2024 CVE Published
- May 4, 2025 CVE Updated