CVE-2022-48837

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48837
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48837.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-48837
Downstream
Related
Published
2024-07-16T12:25:09Z
Modified
2025-10-08T07:09:24.495979Z
Summary
usb: gadget: rndis: prevent integer overflow in rndis_set_response()
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: rndis: prevent integer overflow in rndissetresponse()

If "BufOffset" is very large the "BufOffset + 8" operation can have an integer overflow.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ff0a90739925734c91c7e39befe3f4378e0c1369
Fixed
8b3e4d26bc9cd0f6373d0095b9ffd99e7da8006b
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4c22fbcef778badb00fb8bb9f409daa29811c175
Fixed
c7953cf03a26876d676145ce5d2ae6d8c9630b90
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
db9aaa3026298d652e98f777bc0f5756e2455dda
Fixed
138d4f739b35dfb40438a0d5d7054965763bfbe7
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c9e952871ae47af784b4aef0a77db02e557074d6
Fixed
21829376268397f9fd2c35cfa9135937b6aa3a1e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
fb4ff0f96de37c44236598e8b53fe43b1df36bf3
Fixed
28bc0267399f42f987916a7174e2e32f0833cc65
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2da3b0ab54fb7f4d7c5a82757246d0ee33a47197
Fixed
56b38e3ca4064041d93c1ca18828c8cedad2e16c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
2724ebafda0a8df08a9cb91557d33226bee80f7b
Fixed
df7e088d51cdf78b1a0bf1f3d405c2593295c7b0
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
38ea1eac7d88072bbffb630e2b3db83ca649b826
Fixed
65f3324f4b6fed78b8761c3b74615ecf0ffa81fa

Affected versions

v4.*

v4.14.267
v4.14.268
v4.14.269
v4.14.270
v4.14.271
v4.14.272
v4.19.230
v4.19.231
v4.19.232
v4.19.233
v4.19.234
v4.19.235
v4.9.302
v4.9.303
v4.9.304
v4.9.305
v4.9.306
v4.9.307

v5.*

v5.10.101
v5.10.102
v5.10.103
v5.10.104
v5.10.105
v5.10.106
v5.10.107
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.29
v5.15.30
v5.16.10
v5.16.11
v5.16.12
v5.16.13
v5.16.14
v5.16.15
v5.16.16
v5.17-rc3
v5.17-rc4
v5.17-rc5
v5.17-rc6
v5.4.180
v5.4.181
v5.4.182
v5.4.183
v5.4.184
v5.4.185
v5.4.186

Database specific

{
    "vanir_signatures": [
        {
            "id": "CVE-2022-48837-0df92d3e",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "74610532842214861125328212539619698848",
                    "219320814454438370276643923899985203310",
                    "235029350871556551678875653730524412287",
                    "220013837063397485624450100683511902294"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@56b38e3ca4064041d93c1ca18828c8cedad2e16c",
            "target": {
                "file": "drivers/usb/gadget/function/rndis.c"
            },
            "signature_version": "v1",
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-48837-2a1bb5d1",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "74610532842214861125328212539619698848",
                    "219320814454438370276643923899985203310",
                    "235029350871556551678875653730524412287",
                    "220013837063397485624450100683511902294"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@65f3324f4b6fed78b8761c3b74615ecf0ffa81fa",
            "target": {
                "file": "drivers/usb/gadget/function/rndis.c"
            },
            "signature_version": "v1",
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-48837-2d7f6418",
            "deprecated": false,
            "digest": {
                "function_hash": "324509543485242453198264164088682879174",
                "length": 1113.0
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@56b38e3ca4064041d93c1ca18828c8cedad2e16c",
            "target": {
                "file": "drivers/usb/gadget/function/rndis.c",
                "function": "rndis_set_response"
            },
            "signature_version": "v1",
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-48837-2efd6c8e",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "74610532842214861125328212539619698848",
                    "219320814454438370276643923899985203310",
                    "235029350871556551678875653730524412287",
                    "220013837063397485624450100683511902294"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8b3e4d26bc9cd0f6373d0095b9ffd99e7da8006b",
            "target": {
                "file": "drivers/usb/gadget/function/rndis.c"
            },
            "signature_version": "v1",
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-48837-2f46f2b0",
            "deprecated": false,
            "digest": {
                "function_hash": "324509543485242453198264164088682879174",
                "length": 1113.0
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8b3e4d26bc9cd0f6373d0095b9ffd99e7da8006b",
            "target": {
                "file": "drivers/usb/gadget/function/rndis.c",
                "function": "rndis_set_response"
            },
            "signature_version": "v1",
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-48837-3573baea",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "74610532842214861125328212539619698848",
                    "219320814454438370276643923899985203310",
                    "235029350871556551678875653730524412287",
                    "220013837063397485624450100683511902294"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@138d4f739b35dfb40438a0d5d7054965763bfbe7",
            "target": {
                "file": "drivers/usb/gadget/function/rndis.c"
            },
            "signature_version": "v1",
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-48837-5a1139d9",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "74610532842214861125328212539619698848",
                    "219320814454438370276643923899985203310",
                    "235029350871556551678875653730524412287",
                    "220013837063397485624450100683511902294"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@df7e088d51cdf78b1a0bf1f3d405c2593295c7b0",
            "target": {
                "file": "drivers/usb/gadget/function/rndis.c"
            },
            "signature_version": "v1",
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-48837-62bc66ab",
            "deprecated": false,
            "digest": {
                "function_hash": "324509543485242453198264164088682879174",
                "length": 1113.0
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@138d4f739b35dfb40438a0d5d7054965763bfbe7",
            "target": {
                "file": "drivers/usb/gadget/function/rndis.c",
                "function": "rndis_set_response"
            },
            "signature_version": "v1",
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-48837-a6fec7eb",
            "deprecated": false,
            "digest": {
                "function_hash": "324509543485242453198264164088682879174",
                "length": 1113.0
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@28bc0267399f42f987916a7174e2e32f0833cc65",
            "target": {
                "file": "drivers/usb/gadget/function/rndis.c",
                "function": "rndis_set_response"
            },
            "signature_version": "v1",
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-48837-ac81fd2e",
            "deprecated": false,
            "digest": {
                "function_hash": "324509543485242453198264164088682879174",
                "length": 1113.0
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@21829376268397f9fd2c35cfa9135937b6aa3a1e",
            "target": {
                "file": "drivers/usb/gadget/function/rndis.c",
                "function": "rndis_set_response"
            },
            "signature_version": "v1",
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-48837-b1cd93e2",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "74610532842214861125328212539619698848",
                    "219320814454438370276643923899985203310",
                    "235029350871556551678875653730524412287",
                    "220013837063397485624450100683511902294"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@21829376268397f9fd2c35cfa9135937b6aa3a1e",
            "target": {
                "file": "drivers/usb/gadget/function/rndis.c"
            },
            "signature_version": "v1",
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-48837-c4f82e04",
            "deprecated": false,
            "digest": {
                "function_hash": "324509543485242453198264164088682879174",
                "length": 1113.0
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@df7e088d51cdf78b1a0bf1f3d405c2593295c7b0",
            "target": {
                "file": "drivers/usb/gadget/function/rndis.c",
                "function": "rndis_set_response"
            },
            "signature_version": "v1",
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-48837-d8094e3e",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "74610532842214861125328212539619698848",
                    "219320814454438370276643923899985203310",
                    "235029350871556551678875653730524412287",
                    "220013837063397485624450100683511902294"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@28bc0267399f42f987916a7174e2e32f0833cc65",
            "target": {
                "file": "drivers/usb/gadget/function/rndis.c"
            },
            "signature_version": "v1",
            "signature_type": "Line"
        },
        {
            "id": "CVE-2022-48837-e4373ef4",
            "deprecated": false,
            "digest": {
                "function_hash": "324509543485242453198264164088682879174",
                "length": 1113.0
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@65f3324f4b6fed78b8761c3b74615ecf0ffa81fa",
            "target": {
                "file": "drivers/usb/gadget/function/rndis.c",
                "function": "rndis_set_response"
            },
            "signature_version": "v1",
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-48837-ef81db5f",
            "deprecated": false,
            "digest": {
                "function_hash": "324509543485242453198264164088682879174",
                "length": 1113.0
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7953cf03a26876d676145ce5d2ae6d8c9630b90",
            "target": {
                "file": "drivers/usb/gadget/function/rndis.c",
                "function": "rndis_set_response"
            },
            "signature_version": "v1",
            "signature_type": "Function"
        },
        {
            "id": "CVE-2022-48837-f486ec81",
            "deprecated": false,
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "74610532842214861125328212539619698848",
                    "219320814454438370276643923899985203310",
                    "235029350871556551678875653730524412287",
                    "220013837063397485624450100683511902294"
                ]
            },
            "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7953cf03a26876d676145ce5d2ae6d8c9630b90",
            "target": {
                "file": "drivers/usb/gadget/function/rndis.c"
            },
            "signature_version": "v1",
            "signature_type": "Line"
        }
    ]
}

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.9.302
Fixed
4.9.308
Type
ECOSYSTEM
Events
Introduced
4.14.267
Fixed
4.14.273
Type
ECOSYSTEM
Events
Introduced
4.19.230
Fixed
4.19.236
Type
ECOSYSTEM
Events
Introduced
5.4.180
Fixed
5.4.187
Type
ECOSYSTEM
Events
Introduced
5.10.101
Fixed
5.10.108
Type
ECOSYSTEM
Events
Introduced
5.15.24
Fixed
5.15.31
Type
ECOSYSTEM
Events
Introduced
5.16.10
Fixed
5.16.17