PT-2024-10519 · Linux+3 · Linux Kernel+3
Jann Horn
·
Published
2022-02-11
·
Updated
2025-01-20
·
CVE-2022-48805
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to out-of-bounds accesses in the RX fixup function
ax88179 rx fixup() that can be triggered by a malicious or defective USB device. This can cause out-of-bounds reads and endianness flips on big-endian systems. A packet can overlap the metadata array, corrupting data used by a cloned SKB. A packet SKB can also be constructed with its tail far beyond its end, causing out-of-bounds heap data to be considered part of the SKB's data. It has been tested that a malicious USB device can send a bogus ICMPv6 Echo Request and receive an ICMPv6 Echo Reply in response that contains random kernel heap data.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Red Os
Suse