VDB
CVE-2022-25258
CVE-2022-25258
PUBLISHED
Es existiert eine Schwachstelle im Linux Kernel, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurde. Der Fehler besteht, weil das USB-Gadget-Subsystem bestimmte Validierungen von Interface-OS-Deskriptor-Anforderungen vermissen lässt, was zu Speicherbeschädigung führt. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen nicht spezifizierten Angriff auszuführen.
EPSS 0.18% · 39.3th percentile
Risk Scores
EPSS Score
0.18%
39.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | |
| Red Hat | Red Hat Enterprise Linux | |
| Google Android 10 | ||
| Google Android 11 | ||
| Google Android 12L | ||
| Oracle | Oracle Linux | |
| NetApp | NetApp ActiveIQ Unified Manager | |
| Debian | Debian Linux | |
| Google Android 12 | ||
| Amazon | Amazon Linux 2 | |
| SUSE | SUSE Linux |
Exploit Intelligence
- CVE-2022-25258 - Demo exploit targeting usb gadget's os descriptor handler (github-poc)
- CVE-2022-25258 - Demo exploit targeting usb gadget's os descriptor handler (github-poc)
- CVE-2022-25258 - Demo exploit targeting usb gadget's os descriptor handler (github-poc)
- CVE-2022-25258 - Demo exploit targeting usb gadget's os descriptor handler (github-poc)
- CVE-2022-25258 - Demo exploit targeting usb gadget's os descriptor handler (github-poc)
- CVE-2022-25258 - Demo exploit targeting usb gadget's os descriptor handler (github-poc)
Timeline
- Feb 16, 2022 CVE Published
- Feb 17, 2022 EPSS Score
- Apr 10, 2022 EPSS Score
- Jun 1, 2022 EPSS Score
- Jul 24, 2022 EPSS Score
- Sep 15, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Dec 28, 2022 EPSS Score
- Feb 18, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 11, 2023 EPSS Score
- Jun 2, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0137.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0137 advisory
- https://source.android.com/security/bulletin/2022-06-01 advisory
- https://source.android.com/security/bulletin/pixel/2022-06-01 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-July/011576.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-July/011579.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-July/011597.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-July/011594.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-July/011599.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-July/011608.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-July/011609.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-July/011614.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-July/011613.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-August/011824.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-August/011823.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-August/011825.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-August/011840.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-August/011894.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2022-August/011914.html advisory
- https://access.redhat.com/errata/RHSA-2024:0412 advisory
…and 27 more