CVE - CVE-2022-48948

CVE-ID
CVE-2022-48948	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), data stage handler for OUT transfer uses memcpy to copy req->actual bytes to uvc_event->data.data array of size 60. This may result in an overflow of 4 bytes.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/06fd17ee92c8f1704c7e54ec0fd50ae0542a49a5 URL:https://git.kernel.org/stable/c/06fd17ee92c8f1704c7e54ec0fd50ae0542a49a5 MISC:https://git.kernel.org/stable/c/4972e3528b968665b596b5434764ff8fd9446d35 URL:https://git.kernel.org/stable/c/4972e3528b968665b596b5434764ff8fd9446d35 MISC:https://git.kernel.org/stable/c/4c92670b16727365699fe4b19ed32013bab2c107 URL:https://git.kernel.org/stable/c/4c92670b16727365699fe4b19ed32013bab2c107 MISC:https://git.kernel.org/stable/c/6b41a35b41f77821db24f2d8f66794b390a585c5 URL:https://git.kernel.org/stable/c/6b41a35b41f77821db24f2d8f66794b390a585c5 MISC:https://git.kernel.org/stable/c/7b1f773277a72f9756d47a41b94e43506cce1954 URL:https://git.kernel.org/stable/c/7b1f773277a72f9756d47a41b94e43506cce1954 MISC:https://git.kernel.org/stable/c/b8fb1cba934ea122b50f13a4f9d6fc4fdc43d2be URL:https://git.kernel.org/stable/c/b8fb1cba934ea122b50f13a4f9d6fc4fdc43d2be MISC:https://git.kernel.org/stable/c/bc8380fe5768c564f921f7b4eaba932e330b9e4b URL:https://git.kernel.org/stable/c/bc8380fe5768c564f921f7b4eaba932e330b9e4b MISC:https://git.kernel.org/stable/c/c79538f32df12887f110dcd6b9c825b482905f24 URL:https://git.kernel.org/stable/c/c79538f32df12887f110dcd6b9c825b482905f24 MISC:https://git.kernel.org/stable/c/d1a92bb8d697f170d93fe922da763d7d156b8841 URL:https://git.kernel.org/stable/c/d1a92bb8d697f170d93fe922da763d7d156b8841
Assigning CNA
kernel.org
Date Record Created
20240822	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240822)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.