CVE-2022-48926

HIGH EPSS 12.3%
Published Aug 22, 20241y ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published Aug 22, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: add spinlock for rndis response list There's no lock for rndis response list. It could cause list corruption if there're two different list_add at the same time like below. It's better to add in rndis_add_response / rndis_free_response / rndis_get_next_response to prevent any race condition on response list. [ 361.894299] [1: irq/191-dwc3:16979] list_add corruption. next->prev should be prev (ffffff80651764d0), but was ffffff883dc36f80. (next=ffffff80651764d0). [ 361.904380] [1: irq/191-dwc3:16979] Call trace: [ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90 [ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0 [ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84 [ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4 [ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60 [ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0 [ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc [ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc [ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec [ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
12.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥4.6  –  <4.9.304
linuxlinux_kernel*≥4.10  –  <4.14.269
linuxlinux_kernel*≥4.15  –  <4.19.232
linuxlinux_kernel*≥4.20  –  <5.4.182
linuxlinux_kernel*≥5.5  –  <5.10.103
linuxlinux_kernel*≥5.11  –  <5.15.26
linuxlinux_kernel*≥5.16  –  <5.16.12

References 8

  • git.kernel.org https://git.kernel.org/stable/c/33222d1571d7ce8c1c75f6b488f38968fa93d2d9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4ce247af3f30078d5b97554f1ae6200a0222c15a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/669c2b178956718407af5631ccbc61c24413f038
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ab652d41deab49848673c3dadb57ad338485376
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9f5d8ba538ef81cd86ea587ca3f8c77e26bea405
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9f688aadede6b862a0a898792b1a35421c93636f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aaaba1c86d04dac8e49bf508b492f81506257da3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/da514063440b53a27309a4528b726f92c3cfe56f
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/33222d1571d7ce8c1c75f6b488f38968fa93d2d9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4ce247af3f30078d5b97554f1ae6200a0222c15a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/669c2b178956718407af5631ccbc61c24413f038
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9ab652d41deab49848673c3dadb57ad338485376
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9f5d8ba538ef81cd86ea587ca3f8c77e26bea405
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9f688aadede6b862a0a898792b1a35421c93636f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aaaba1c86d04dac8e49bf508b492f81506257da3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/da514063440b53a27309a4528b726f92c3cfe56f
    Patch