Back

CVE-2022-48938

Aug. 22, 2024, 6:49 p.m.

Analyzed
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Linux Kernel

linux_kernel

  • *

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
CWE-190
2024-08-22
CVE-2022-48938

CVE-2022-48938 details

Published : Aug. 22, 2024, 4:15 a.m.
Last Modified : Aug. 22, 2024, 6:49 p.m.

Description

In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the sanity check. Both offset and offset + len need to be checked in such a manner that no overflow can occur. And those quantities should be unsigned.

CVSS Score

1 2 3 4 5.5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-190 Integer Overflow or Wraparound The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

CVSS Data

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

5.5

Exploitability Score

1.8

Impact Score

3.6

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

URL Source
https://git.kernel.org/stable/c/49909c9f8458cacb5b241106cba65aba5a6d8f4c 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/69560efa001397ebb8dc1c3e6a3ce00302bb9f7f 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/7b737e47b87589031f0d4657f6d7b0b770474925 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/8d2b1a1ec9f559d30b724877da4ce592edc41fdc 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CPEs

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
o linux linux_kernel / / / / / / / /
This website uses the NVD API, but is not approved or certified by it.