CVE-2022-48834

HIGH EPSS 17.3%
Published Jul 16, 20241y ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Jul 16, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fix bug in pipe direction for control transfers The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: BOGUS control dir, pipe 80001e80 doesn't match bRequestType 0 WARNING: CPU: 0 PID: 3813 at drivers/usb/core/urb.c:412 usb_submit_urb+0x13a5/0x1970 drivers/usb/core/urb.c:410 Modules linked in: CPU: 0 PID: 3813 Comm: syz-executor122 Not tainted 5.17.0-rc5-syzkaller-00306-g2293be58d6a1 #0 ... Call Trace: <TASK> usb_start_wait_urb+0x113/0x530 drivers/usb/core/message.c:58 usb_internal_control_msg drivers/usb/core/message.c:102 [inline] usb_control_msg+0x2a5/0x4b0 drivers/usb/core/message.c:153 usbtmc_ioctl_request drivers/usb/class/usbtmc.c:1947 [inline] The problem is that usbtmc_ioctl_request() uses usb_rcvctrlpipe() for all of its transfers, whether they are in or out. It's easy to fix.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
17.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel*≥4.20  –  <5.4.187
linuxlinux_kernel*≥5.5  –  <5.10.108
linuxlinux_kernel*≥5.11  –  <5.15.31
linuxlinux_kernel*≥5.16  –  <5.16.17
linuxlinux_kernel5.17any
linuxlinux_kernel5.17any
linuxlinux_kernel5.17any
linuxlinux_kernel5.17any
linuxlinux_kernel5.17any
linuxlinux_kernel5.17any
linuxlinux_kernel5.17any
linuxlinux_kernel5.17any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/10a805334a11acd547602d6c4cf540a0f6ab5c6e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5f6a2d63c68c12cf61259df7c3527a0e05dce952
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/700a0715854c1e79a73341724ce4f5bb01abc016
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c69aef9db878ab277068a8cc1b4bf0cf309dc2b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e9b667a82cdcfe21d590344447d65daed52b353b
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/10a805334a11acd547602d6c4cf540a0f6ab5c6e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5f6a2d63c68c12cf61259df7c3527a0e05dce952
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/700a0715854c1e79a73341724ce4f5bb01abc016
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c69aef9db878ab277068a8cc1b4bf0cf309dc2b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e9b667a82cdcfe21d590344447d65daed52b353b
    Patch