PT-2022-7478 · Linux+7 · Linux Kernel+7

Syzbot

Published

2022-02-21

Updated

2025-09-29

CVE-2022-48866

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a missing validation check of the actual number of endpoints in the hid-thrustmaster component of the Linux kernel. This can lead to an out-of-bounds read in the thrustmaster interrupts function. The root cause is that the code does not check if the usb host interface::endpoint array contains less endpoints than expected, which can result in a slab-out-of-bounds read in the thrustmaster probe() function. Exploitation of this issue may allow an attacker to affect the confidentiality, integrity, and availability of protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2024:7000

ALSA-2024:7001

ALSA-2025_16880

BDU:2024-06621

CESA-2024_7000

CESA-2024_7001

CVE-2022-48866

INFSA-2024_7000

INFSA-2024_7001

OPENSUSE-SU-2024_2947-1

RHSA-2022:8267

RHSA-2022_8267

RHSA-2024:7000

RHSA-2024:7001

RHSA-2024_7000

RHSA-2024_7001

RLSA-2024:7001

SUSE-SU-2024:2894-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

Affected Products

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

PT-2022-7478 · Linux+7 · Linux Kernel+7

CVE-2022-48866

Weakness Enumeration

Related Identifiers

Affected Products

References · 1655