CVE-2022-48836
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/07/2024
Last modified:
24/07/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
Input: aiptek - properly check endpoint type<br />
<br />
Syzbot reported warning in usb_submit_urb() which is caused by wrong<br />
endpoint type. There was a check for the number of endpoints, but not<br />
for the type of endpoint.<br />
<br />
Fix it by replacing old desc.bNumEndpoints check with<br />
usb_find_common_endpoints() helper for finding endpoints<br />
<br />
Fail log:<br />
<br />
usb 5-1: BOGUS urb xfer, pipe 1 != type 3<br />
WARNING: CPU: 2 PID: 48 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502<br />
Modules linked in:<br />
CPU: 2 PID: 48 Comm: kworker/2:2 Not tainted 5.17.0-rc6-syzkaller-00226-g07ebd38a0da2 #0<br />
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014<br />
Workqueue: usb_hub_wq hub_event<br />
...<br />
Call Trace:<br />
<br />
aiptek_open+0xd5/0x130 drivers/input/tablet/aiptek.c:830<br />
input_open_device+0x1bb/0x320 drivers/input/input.c:629<br />
kbd_connect+0xfe/0x160 drivers/tty/vt/keyboard.c:1593
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.4 (including) | 4.9.308 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.10 (including) | 4.14.273 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.15 (including) | 4.19.236 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.187 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.108 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.31 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.16.17 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/35069e654bcab567ff8b9f0e68e1caf82c15dcd7
- https://git.kernel.org/stable/c/5600f6986628dde8881734090588474f54a540a8
- https://git.kernel.org/stable/c/57277a8b5d881e02051ba9d7f6cb3f915c229821
- https://git.kernel.org/stable/c/6de20111cd0bb7da9b2294073ba00c7d2a6c1c4f
- https://git.kernel.org/stable/c/e732b0412f8c603d1e998f3bff41b5e7d5c3914c
- https://git.kernel.org/stable/c/e762f57ff255af28236cd02ca9fc5c7e5a089d31
- https://git.kernel.org/stable/c/f0d43d22d24182b94d7eb78a2bf6ae7e2b33204a
- https://git.kernel.org/stable/c/fc8033a55e2796d21e370260a784ac9fbb8305a6