Szymon Heidrich

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 6.1.5 **Description** The issue is related to an integer overflow in the `rndis query oid()` function in the `drivers/net/wireless/rndis wlan.c` file of the Linux kernel. This overflow occurs during an addition operation. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Linux kernel versions through 6.1.5, update to a version newer than 6.1.5 to resolve the issue. As a temporary workaround, consider restricting access to the `rndis query oid()` function in the `drivers/net/wireless/rndis wlan.c` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A buffer overflow issue has been identified in the Linux kernel's USB gadget UVC setup handler. The setup function `uvc function setup` allows control transfer requests with up to 64 bytes of payload, but the data stage handler for OUT transfers uses `memcpy` to copy `req->actual` bytes to the `uvc event->data.data` array, which has a size of 60. This may result in an overflow of 4 bytes. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.16.10 **Description** The issue is related to the RNDIS USB gadget in the Linux kernel, which lacks validation of the size of the RNDIS MSG SET command. This can allow attackers to obtain sensitive information from kernel memory. The vulnerability is associated with information disclosure and can be exploited to gain unauthorized access to protected information. **Recommendations** For Linux kernel versions prior to 5.16.10, update to version 5.16.10 or later to resolve the issue. As a temporary workaround, consider disabling the RNDIS USB gadget functionality until a patch is available. Restrict access to the `rndis set response` function in `rndis.c` to minimize the risk of exploitation. Avoid using the `RNDIS MSG SET` command in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.16.10 **Description** The issue is related to the USB Gadget subsystem in the Linux kernel, which lacks certain validation of interface OS descriptor requests. This can lead to memory corruption. The vulnerability is associated with a missing bounds check in the `composite setup` function of `composite.c`, allowing for a possible out of bounds write. This could lead to local escalation of privilege when connecting a malicious USB device, with no additional execution privileges needed. User interaction is not required for exploitation. **Recommendations** For Linux kernel versions prior to 5.16.10, update to version 5.16.10 or later to resolve the issue. As a temporary workaround, consider restricting the use of USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Azure RTOS (affected versions not specified) **Description** The issue exists due to insufficient input validation in the Azure RTOS operating system. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure RTOS (affected versions not specified) **Description** The issue exists due to insufficient input validation in the Azure RTOS operating system. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure RTOS (affected versions not specified) **Description** The issue exists due to insufficient input validation in the Azure RTOS operating system. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure RTOS (affected versions not specified) **Description** The issue is related to insufficient boundaries in the controlled area of the system, which can allow an attacker to gain unauthorized access to the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure RTOS (affected versions not specified) **Description** The issue is related to insufficient boundaries in the controlled area of the system, which can allow an attacker to gain unauthorized access to the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure RTOS (affected versions not specified) **Description** The issue is related to insufficient protection of sensitive data in Azure RTOS, which can allow an attacker to gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.