VDB

CISA-2022-48948

CISA-2022-48948 PUBLISHED

Reported by Linux · Published October 21, 2024

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), data stage handler for OUT transfer uses memcpy to copy req->actual bytes to uvc_event->data.data array of size 60. This may result in an overflow of 4 bytes.

Affected Products

VendorProductVersions
LinuxLinuxcdda479f15cd13fa50a913ca85129c0437cc7b91, cdda479f15cd13fa50a913ca85129c0437cc7b91, cdda479f15cd13fa50a913ca85129c0437cc7b91
LinuxLinux2.6.35, 0, 4.9.337
LinuxLinux4.19.270, cdda479f15cd13fa50a913ca85129c0437cc7b91, cdda479f15cd13fa50a913ca85129c0437cc7b91
linuxlinux_kernel2.6.35, 2.6.35, 2.6.35

Timeline

  • Oct 21, 2024 CVE Published
  • May 4, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›