CVE-2022-49984

Severity: Medium (CVSS 3.1 base score 5.5)
EPSS: 10.4%
Published: Jun 18, 2025
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report

It is possible for a malicious device to forgo submitting a Feature Report. The HID Steam driver presently makes no provision for this and de-references the 'struct hid_report' pointer obtained from the HID devices without first checking its validity. Let's change that.
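The missing check described above, modelled in userspace C as an added example; it is not the kernel driver's code or the patch itself. All names, the four-slot report table and the 64-byte minimum length are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model; every name is a hypothetical stand-in, not kernel code. */
#define MODEL_MIN_LEN 64             /* assumed minimum report size */
struct model_report { size_t len; };
struct model_device {                /* a slot is NULL if the device never */
    struct model_report *feature[4]; /* declared that Feature Report       */
};

/* Unchecked pattern: trusts that the device declared report 0. */
int recv_unchecked(const struct model_device *dev, size_t *out_len)
{
    const struct model_report *r = dev->feature[0];
    *out_len = r->len;               /* NULL dereference when slot is empty */
    return 0;
}

/* Checked pattern: validate the pointer before touching any field. */
int recv_checked(const struct model_device *dev, size_t *out_len)
{
    const struct model_report *r = dev->feature[0];
    if (r == NULL)
        return -EINVAL;              /* device declared no Feature Report */
    if (r->len < MODEL_MIN_LEN)
        return -EINVAL;              /* declared, but too short to use */
    *out_len = r->len;
    return 0;
}

/* Constructed device: report_len == 0 means "no Feature Report declared". */
int probe_constructed_device(size_t report_len)
{
    struct model_report rep = { .len = report_len };
    struct model_device dev = { .feature = { report_len ? &rep : NULL } };
    size_t n = 0;
    int rc = recv_checked(&dev, &n);
    return rc ? rc : (int)n;
}

int main(void)
{
    printf("well-formed: %d\n", probe_constructed_device(64));
    printf("no report:   %d\n", probe_constructed_device(0));
    printf("short:       %d\n", probe_constructed_device(8));
    return 0;
}
```

Because the report table is populated from what the device itself declares, an empty slot is attacker-controlled input, and the checked path turns it into an error return instead of a crash.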

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 10.4% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 1

CWE-476: NULL Pointer Dereference (Memory Safety)

Affected Products 8

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥4.18 – <4.19.257
linux    linux_kernel   *         ≥4.20 – <5.4.212
linux    linux_kernel   *         ≥5.5 – <5.10.141
linux    linux_kernel   *         ≥5.11 – <5.15.65
linux    linux_kernel   *         ≥5.16 – <5.19.7
linux    linux_kernel   6.0       any
linux    linux_kernel   6.0       any
linux    linux_kernel   6.0       any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/989560b6d9e00d99e07bc33067fa1c770994bf4d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c20d03b82a2e3ddbb555dad4d4f3374a9763222c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cd11d1a6114bd4bc6450ae59f6e110ec47362126
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dc815761948ab5b8c94db6cb53c95103588f16ae
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dee1e51b54794e90763e70a3c78f27ba4fa930ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fa2b822d86be5b5ad54fe4fa2daca464e71ff90a
    Patch
