An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2022/02/21/1 | Mailing List Patch Third Party Advisory |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10 | Patch Release Notes Vendor Advisory |
https://github.com/szymonh/rndis-co | Third Party Advisory |
https://github.com/torvalds/linux/commit/38ea1eac7d88072bbffb630e2b3db83ca649b826 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html | Mailing List Third Party Advisory |
https://www.debian.org/security/2022/dsa-5092 | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5096 | Third Party Advisory |
Configurations
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-1284 |
11 May 2022, 13:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5096 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5092 - Third Party Advisory |
10 Mar 2022, 17:47
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Feb 2022, 18:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CWE | CWE-668 | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/02/21/1 - Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://github.com/torvalds/linux/commit/38ea1eac7d88072bbffb630e2b3db83ca649b826 - Patch, Third Party Advisory | |
References | (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10 - Patch, Release Notes, Vendor Advisory | |
References | (MISC) https://github.com/szymonh/rndis-co - Third Party Advisory |
21 Feb 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Feb 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-20 20:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-25375
Mitre link : CVE-2022-25375
CVE.ORG link : CVE-2022-25375
JSON object : View
Products Affected
debian
- debian_linux
linux
- linux_kernel
CWE
CWE-1284
Improper Validation of Specified Quantity in Input