PT-2022-7025 · Linux+3 · Linux Kernel+3

Dongliang Mu

·

Published

2022-06-09

·

Updated

2023-08-14

·

CVE-2022-3577

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver, allowing a local user to crash or potentially escalate their privileges on the system. The issue is located in the bigben probe function of drivers/hid/hid-bigbenff.c and is caused by an incorrect assumption that all bigben devices have inputs, which can be broken by malicious devices, leading to an out-of-bounds write.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-401

Related Identifiers

ALT-PU-2022-2022
ALT-PU-2022-2023
ALT-PU-2022-2033
ALT-PU-2022-2050
ALT-PU-2022-2052
ALT-PU-2022-2054
ALT-PU-2022-2067
ALT-PU-2022-2099
ALT-PU-2022-2136
ALT-PU-2022-2137
ALT-PU-2022-2152
ALT-PU-2022-2155
ALT-PU-2022-2158
ALT-PU-2022-2261
ALT-PU-2022-2426
ALT-PU-2023-4894
BDU:2023-06664
CVE-2022-3577
OESA-2022-2033
OPENSUSE-SU-2022_3897-1
OPENSUSE-SU-2022_3998-1
OPENSUSE-SU-2022_4053-1
OPENSUSE-SU-2022_4072-1
OPENSUSE-SU-2022_4617-1
SUSE-SU-2022:3897-1
SUSE-SU-2022:3929-1
SUSE-SU-2022:3998-1
SUSE-SU-2022:4053-1
SUSE-SU-2022:4072-1
SUSE-SU-2022:4513-1
SUSE-SU-2022:4515-1
SUSE-SU-2022:4528-1
SUSE-SU-2022:4534-1
SUSE-SU-2022:4562-1
SUSE-SU-2022:4569-1
SUSE-SU-2022:4580-1
SUSE-SU-2022:4587-1
SUSE-SU-2022:4589-1
SUSE-SU-2022:4614-1
SUSE-SU-2022:4617-1

Affected Products

Alt Linux
Astra Linux
Linux Kernel
Suse