CVE-2022-48701

There may be a bad USB audio device with a USB ID of (0x04fa, 0x4201) and the number of it's interfaces less than 4, an out-of-bounds read bug occurs when parsing the interface descriptor for this device.

Fix this by checking the number of interfaces.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48701.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

b9d43bcd061956c8144bcb453d07d13236b6ab28

Fixed

b970518014f2f0f6c493fb86c1e092b936899061

Fixed

91904870370fd986c29719846ed76d559de43251

Fixed

2a308e415d247a23d4d64c964c02e782eede2936

Fixed

0492798bf8dfcc09c9337a1ba065da1d1ca68712

Fixed

6123bec8480d23369e2ee0b2208611619f269faf

Fixed

98e8e67395cc6d0cdf3a771f86ea42d0ee6e59dd

Fixed

8293e61bbf908b18ff9935238d4fc2ad359e3fe0

Fixed

e53f47f6c1a56d2af728909f1cb894da6b43d9bf

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48701.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.6.26

Fixed

4.9.328

Type: ECOSYSTEM
Events: Introduced

4.10.0

Fixed

4.14.293

Type: ECOSYSTEM
Events: Introduced

4.15.0

Fixed

4.19.258

Type: ECOSYSTEM
Events: Introduced

4.20.0

Fixed

5.4.213

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.143

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.68

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.19.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48701.json"