Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2022-25258

Published: February 16, 2022Last modified: August 21, 2024

Description

An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.

Severity score breakdown

ParameterValue
Base score4.6
Attack VectorPHYSICAL
Attack complexityLOW
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Status

ProductReleasePackageStatus
Alpaquita LinuxStreamlinux-ltsNot affected (6.1.33-r0)

References

ON THIS PAGE