PT-2022-2366 · Linux+5 · Linux Kernel+5

Published

2022-02-24

Updated

2024-02-08

CVE-2022-27223

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.16.12

Description The issue is related to the Linux kernel's USB gadget driver, specifically in the udc-xilinx.c file. It involves an array index that is not properly validated, potentially allowing a remote attacker to manipulate it for out-of-array access. This could lead to the execution of arbitrary code.

Recommendations For versions prior to 5.16.12, update to version 5.16.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable driver until a patch is applied.

Fix

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129

Related Identifiers

ALT-PU-2022-1425

ALT-PU-2022-1456

ALT-PU-2022-1647

ALT-PU-2022-2155

ALT-PU-2023-1684

ALT-PU-2023-1741

ALT-PU-2023-1814

ALT-PU-2023-4894

AZL-9067

BDU:2022-02703

CVE-2022-27223

DLA-3065-1

OESA-2022-1614

OPENSUSE-SU-2022_1163-1

SUSE-SU-2022:1038-1

SUSE-SU-2022:1163-1

USN-5381-1

USN-5413-1

USN-5415-1

USN-5417-1

USN-5418-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Suse

Ubuntu

PT-2022-2366 · Linux+5 · Linux Kernel+5

CVE-2022-27223

Weakness Enumeration

Related Identifiers

Affected Products

References · 205