PT-2022-16009 · Openrazer+1

Kwstubbs +1 · Published 2022-12-05 · Updated 2025-04-24 · CVE-2022-23467

CVSS v3.1: 4.6 Medium

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenRazer versions prior to 3.5.1

Description

OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device, an attacker can leak stack addresses of the razer_attr_read_dpi_stages, potentially bypassing KASLR. To exploit this issue, an attacker would need to access a user's keyboard or mouse or convince a user to use a modified device.

Recommendations

For versions prior to 3.5.1, upgrade to version 3.5.1 or later to resolve the issue. As a general precaution, users should be reminded not to plug in unknown USB devices.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2022-23467
DLA-4136-1
GHSA-39HG-JVC9-FG7H

Affected Products

Debian
Openrazer