CVE - CVE-2022-48866

CVE-ID
CVE-2022-48866	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts Syzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug. The root case is in missing validation check of actual number of endpoints. Code should not blindly access usb_host_interface::endpoint array, since it may contain less endpoints than code expects. Fix it by adding missing validaion check and print an error if number of endpoints do not match expected number
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/3ffbe85cda7f523dad896bae08cecd8db8b555ab URL:https://git.kernel.org/stable/c/3ffbe85cda7f523dad896bae08cecd8db8b555ab MISC:https://git.kernel.org/stable/c/56185434e1e50acecee56d8f5850135009b87947 URL:https://git.kernel.org/stable/c/56185434e1e50acecee56d8f5850135009b87947 MISC:https://git.kernel.org/stable/c/fc3ef2e3297b3c0e2006b5d7b3d66965e3392036 URL:https://git.kernel.org/stable/c/fc3ef2e3297b3c0e2006b5d7b3d66965e3392036
Assigning CNA
kernel.org
Date Record Created
20240716	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240716)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)