CVE-2022-48836

MEDIUM EPSS 15.3%
Published Jul 16, 20241y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jul 16, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint. Fix it by replacing old desc.bNumEndpoints check with usb_find_common_endpoints() helper for finding endpoints Fail log: usb 5-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 2 PID: 48 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502 Modules linked in: CPU: 2 PID: 48 Comm: kworker/2:2 Not tainted 5.17.0-rc6-syzkaller-00226-g07ebd38a0da2 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014 Workqueue: usb_hub_wq hub_event ... Call Trace: <TASK> aiptek_open+0xd5/0x130 drivers/input/tablet/aiptek.c:830 input_open_device+0x1bb/0x320 drivers/input/input.c:629 kbd_connect+0xfe/0x160 drivers/tty/vt/keyboard.c:1593

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
15.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥4.4  –  <4.9.308
linuxlinux_kernel*≥4.10  –  <4.14.273
linuxlinux_kernel*≥4.15  –  <4.19.236
linuxlinux_kernel*≥4.20  –  <5.4.187
linuxlinux_kernel*≥5.5  –  <5.10.108
linuxlinux_kernel*≥5.11  –  <5.15.31
linuxlinux_kernel*≥5.16  –  <5.16.17

References 8

  • git.kernel.org https://git.kernel.org/stable/c/35069e654bcab567ff8b9f0e68e1caf82c15dcd7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5600f6986628dde8881734090588474f54a540a8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/57277a8b5d881e02051ba9d7f6cb3f915c229821
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6de20111cd0bb7da9b2294073ba00c7d2a6c1c4f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e732b0412f8c603d1e998f3bff41b5e7d5c3914c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e762f57ff255af28236cd02ca9fc5c7e5a089d31
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f0d43d22d24182b94d7eb78a2bf6ae7e2b33204a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fc8033a55e2796d21e370260a784ac9fbb8305a6
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/35069e654bcab567ff8b9f0e68e1caf82c15dcd7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5600f6986628dde8881734090588474f54a540a8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/57277a8b5d881e02051ba9d7f6cb3f915c229821
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6de20111cd0bb7da9b2294073ba00c7d2a6c1c4f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e732b0412f8c603d1e998f3bff41b5e7d5c3914c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e762f57ff255af28236cd02ca9fc5c7e5a089d31
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f0d43d22d24182b94d7eb78a2bf6ae7e2b33204a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fc8033a55e2796d21e370260a784ac9fbb8305a6
    Patch