PT-2022-7485 · Linux · Linux Kernel

Daehwan Jung · Published 2022-02-24 · Updated 2024-09-27 · CVE-2022-48926

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The vulnerability is a lack of locking around the rndis response list: if two different list add operations occur at the same time, the list can be corrupted. The issue can be prevented by adding a spinlock in the rndis_add_response, rndis_free_response, and rndis_get_next_response functions. The vulnerability affects the confidentiality, integrity, and availability of data.

Technical details about exploitation include:
  • The rndis_msg_parser function is involved in the vulnerability.
  • The rndis_command_complete function is also affected.
  • The usb_gadget_giveback_request function is part of the call trace.
  • The dwc3_gadget_giveback function is involved in the vulnerability.
  • The dwc3_ep0_complete_data function is part of the call trace.
  • The dwc3_ep0_interrupt function is affected.
  • The dwc3_process_event_entry function is involved in the vulnerability.
  • The dwc3_process_event_buf function is part of the call trace.
  • The dwc3_thread_interrupt function is affected.
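
The locking pattern the description calls for, as an added example that is not the kernel's code or part of the original advisory: a user-space C model in which a pthread mutex stands in for the kernel spinlock and every name (`resp_list`, `add_response`, `pop_response`, `run_concurrent_adds`) is hypothetical. With `use_lock` set to 0, two concurrent adders can overwrite each other's tail update, so nodes typically drop off the list.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#define ADDS_PER_THREAD 50000

/* Constructed user-space model; every name is hypothetical. `lock` stands in
   for the kernel spinlock; use_lock = 0 models the list without locking. */
struct resp { struct resp *next; };
struct resp_list { struct resp *head, *tail; pthread_mutex_t lock; int use_lock; };

/* Add path: the tail/next updates must not interleave with another add. */
static int add_response(struct resp_list *l) {
    struct resp *r = calloc(1, sizeof *r);
    if (!r) return -1;
    if (l->use_lock) pthread_mutex_lock(&l->lock);
    if (l->tail) l->tail->next = r; else l->head = r;
    l->tail = r;
    if (l->use_lock) pthread_mutex_unlock(&l->lock);
    return 0;
}

/* Get-next and free path: unlink the head under the same lock, then free it. */
static int pop_response(struct resp_list *l) {
    if (l->use_lock) pthread_mutex_lock(&l->lock);
    struct resp *r = l->head;
    if (r) l->head = r->next;
    if (!l->head) l->tail = NULL;
    if (l->use_lock) pthread_mutex_unlock(&l->lock);
    if (!r) return -1;
    free(r);
    return 0;
}
static void *adder(void *arg) {
    for (int i = 0; i < ADDS_PER_THREAD; i++) add_response(arg);
    return NULL;
}
/* Two concurrent adders; returns how many nodes remain reachable afterwards. */
static int run_concurrent_adds(int use_lock) {
    struct resp_list l = { NULL, NULL, PTHREAD_MUTEX_INITIALIZER, use_lock };
    pthread_t t[2];
    int n = 0;
    for (int i = 0; i < 2; i++) pthread_create(&t[i], NULL, adder, &l);
    for (int i = 0; i < 2; i++) pthread_join(t[i], NULL);
    while (pop_response(&l) == 0) n++;
    return n;
}
int main(void) {
    printf("locked %d, unlocked %d, expected %d\n", run_concurrent_adds(1),
           run_concurrent_adds(0), 2 * ADDS_PER_THREAD);
}
```

The locked run always returns every node that was added; the unlocked count varies from run to run because lost updates depend on thread timing.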

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Weakness Enumeration

Related Identifiers

BDU:2024-06631
CVE-2022-48926
OESA-2024-2122
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3249-1
OPENSUSE-SU-2024_3408-1
OPENSUSE-SU-2024_3483-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3225-1
SUSE-SU-2024:3227-1
SUSE-SU-2024:3249-1
SUSE-SU-2024:3408-1
SUSE-SU-2024:3483-1

Affected Products

Astra Linux
Linux Kernel
Red Os
Suse