CVE-2022-48837

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-48837

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-48837.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-48837

Downstream

DEBIAN-CVE-2022-48837

SUSE-SU-2024:2894-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2947-1

SUSE-SU-2024:3225-1

SUSE-SU-2024:3249-1

UBUNTU-CVE-2022-48837

Related

Published

2024-07-16T12:25:09.212Z

Modified

2025-11-28T07:53:11.593663Z

Summary

usb: gadget: rndis: prevent integer overflow in rndis_set_response()

Details

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: rndis: prevent integer overflow in rndissetresponse()

If "BufOffset" is very large the "BufOffset + 8" operation can have an integer overflow.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/48xxx/CVE-2022-48837.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ff0a90739925734c91c7e39befe3f4378e0c1369

Fixed

8b3e4d26bc9cd0f6373d0095b9ffd99e7da8006b

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

4c22fbcef778badb00fb8bb9f409daa29811c175

Fixed

c7953cf03a26876d676145ce5d2ae6d8c9630b90

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

db9aaa3026298d652e98f777bc0f5756e2455dda

Fixed

138d4f739b35dfb40438a0d5d7054965763bfbe7

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c9e952871ae47af784b4aef0a77db02e557074d6

Fixed

21829376268397f9fd2c35cfa9135937b6aa3a1e

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

fb4ff0f96de37c44236598e8b53fe43b1df36bf3

Fixed

28bc0267399f42f987916a7174e2e32f0833cc65

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2da3b0ab54fb7f4d7c5a82757246d0ee33a47197

Fixed

56b38e3ca4064041d93c1ca18828c8cedad2e16c

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

2724ebafda0a8df08a9cb91557d33226bee80f7b

Fixed

df7e088d51cdf78b1a0bf1f3d405c2593295c7b0

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

38ea1eac7d88072bbffb630e2b3db83ca649b826

Fixed

65f3324f4b6fed78b8761c3b74615ecf0ffa81fa

Affected versions

v4.*

v4.14.267

v4.14.268

v4.14.269

v4.14.270

v4.14.271

v4.14.272

v4.19.230

v4.19.231

v4.19.232

v4.19.233

v4.19.234

v4.19.235

v4.9.302

v4.9.303

v4.9.304

v4.9.305

v4.9.306

v4.9.307

v5.*

v5.10.101

v5.10.102

v5.10.103

v5.10.104

v5.10.105

v5.10.106

v5.10.107

v5.15.24

v5.15.25

v5.15.26

v5.15.27

v5.15.28

v5.15.29

v5.15.30

v5.16.10

v5.16.11

v5.16.12

v5.16.13

v5.16.14

v5.16.15

v5.16.16

v5.17-rc3

v5.17-rc4

v5.17-rc5

v5.17-rc6

v5.4.180

v5.4.181

v5.4.182

v5.4.183

v5.4.184

v5.4.185

v5.4.186

Database specific

vanir_signatures

[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@56b38e3ca4064041d93c1ca18828c8cedad2e16c",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "74610532842214861125328212539619698848",
                "219320814454438370276643923899985203310",
                "235029350871556551678875653730524412287",
                "220013837063397485624450100683511902294"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "drivers/usb/gadget/function/rndis.c"
        },
        "id": "CVE-2022-48837-0df92d3e"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@65f3324f4b6fed78b8761c3b74615ecf0ffa81fa",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "74610532842214861125328212539619698848",
                "219320814454438370276643923899985203310",
                "235029350871556551678875653730524412287",
                "220013837063397485624450100683511902294"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "drivers/usb/gadget/function/rndis.c"
        },
        "id": "CVE-2022-48837-2a1bb5d1"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@56b38e3ca4064041d93c1ca18828c8cedad2e16c",
        "signature_version": "v1",
        "digest": {
            "function_hash": "324509543485242453198264164088682879174",
            "length": 1113.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "rndis_set_response",
            "file": "drivers/usb/gadget/function/rndis.c"
        },
        "id": "CVE-2022-48837-2d7f6418"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8b3e4d26bc9cd0f6373d0095b9ffd99e7da8006b",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "74610532842214861125328212539619698848",
                "219320814454438370276643923899985203310",
                "235029350871556551678875653730524412287",
                "220013837063397485624450100683511902294"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "drivers/usb/gadget/function/rndis.c"
        },
        "id": "CVE-2022-48837-2efd6c8e"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8b3e4d26bc9cd0f6373d0095b9ffd99e7da8006b",
        "signature_version": "v1",
        "digest": {
            "function_hash": "324509543485242453198264164088682879174",
            "length": 1113.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "rndis_set_response",
            "file": "drivers/usb/gadget/function/rndis.c"
        },
        "id": "CVE-2022-48837-2f46f2b0"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@138d4f739b35dfb40438a0d5d7054965763bfbe7",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "74610532842214861125328212539619698848",
                "219320814454438370276643923899985203310",
                "235029350871556551678875653730524412287",
                "220013837063397485624450100683511902294"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "drivers/usb/gadget/function/rndis.c"
        },
        "id": "CVE-2022-48837-3573baea"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@df7e088d51cdf78b1a0bf1f3d405c2593295c7b0",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "74610532842214861125328212539619698848",
                "219320814454438370276643923899985203310",
                "235029350871556551678875653730524412287",
                "220013837063397485624450100683511902294"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "drivers/usb/gadget/function/rndis.c"
        },
        "id": "CVE-2022-48837-5a1139d9"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@138d4f739b35dfb40438a0d5d7054965763bfbe7",
        "signature_version": "v1",
        "digest": {
            "function_hash": "324509543485242453198264164088682879174",
            "length": 1113.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "rndis_set_response",
            "file": "drivers/usb/gadget/function/rndis.c"
        },
        "id": "CVE-2022-48837-62bc66ab"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@28bc0267399f42f987916a7174e2e32f0833cc65",
        "signature_version": "v1",
        "digest": {
            "function_hash": "324509543485242453198264164088682879174",
            "length": 1113.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "rndis_set_response",
            "file": "drivers/usb/gadget/function/rndis.c"
        },
        "id": "CVE-2022-48837-a6fec7eb"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@21829376268397f9fd2c35cfa9135937b6aa3a1e",
        "signature_version": "v1",
        "digest": {
            "function_hash": "324509543485242453198264164088682879174",
            "length": 1113.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "rndis_set_response",
            "file": "drivers/usb/gadget/function/rndis.c"
        },
        "id": "CVE-2022-48837-ac81fd2e"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@21829376268397f9fd2c35cfa9135937b6aa3a1e",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "74610532842214861125328212539619698848",
                "219320814454438370276643923899985203310",
                "235029350871556551678875653730524412287",
                "220013837063397485624450100683511902294"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "drivers/usb/gadget/function/rndis.c"
        },
        "id": "CVE-2022-48837-b1cd93e2"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@df7e088d51cdf78b1a0bf1f3d405c2593295c7b0",
        "signature_version": "v1",
        "digest": {
            "function_hash": "324509543485242453198264164088682879174",
            "length": 1113.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "rndis_set_response",
            "file": "drivers/usb/gadget/function/rndis.c"
        },
        "id": "CVE-2022-48837-c4f82e04"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@28bc0267399f42f987916a7174e2e32f0833cc65",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "74610532842214861125328212539619698848",
                "219320814454438370276643923899985203310",
                "235029350871556551678875653730524412287",
                "220013837063397485624450100683511902294"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "drivers/usb/gadget/function/rndis.c"
        },
        "id": "CVE-2022-48837-d8094e3e"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@65f3324f4b6fed78b8761c3b74615ecf0ffa81fa",
        "signature_version": "v1",
        "digest": {
            "function_hash": "324509543485242453198264164088682879174",
            "length": 1113.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "rndis_set_response",
            "file": "drivers/usb/gadget/function/rndis.c"
        },
        "id": "CVE-2022-48837-e4373ef4"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7953cf03a26876d676145ce5d2ae6d8c9630b90",
        "signature_version": "v1",
        "digest": {
            "function_hash": "324509543485242453198264164088682879174",
            "length": 1113.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "target": {
            "function": "rndis_set_response",
            "file": "drivers/usb/gadget/function/rndis.c"
        },
        "id": "CVE-2022-48837-ef81db5f"
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@c7953cf03a26876d676145ce5d2ae6d8c9630b90",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "74610532842214861125328212539619698848",
                "219320814454438370276643923899985203310",
                "235029350871556551678875653730524412287",
                "220013837063397485624450100683511902294"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "target": {
            "file": "drivers/usb/gadget/function/rndis.c"
        },
        "id": "CVE-2022-48837-f486ec81"
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.9.302

Fixed

4.9.308

Type: ECOSYSTEM
Events: Introduced

4.14.267

Fixed

4.14.273

Type: ECOSYSTEM
Events: Introduced

4.19.230

Fixed

4.19.236

Type: ECOSYSTEM
Events: Introduced

5.4.180

Fixed

5.4.187

Type: ECOSYSTEM
Events: Introduced

5.10.101

Fixed

5.10.108

Type: ECOSYSTEM
Events: Introduced

5.15.24

Fixed

5.15.31

Type: ECOSYSTEM
Events: Introduced

5.16.10

Fixed

5.16.17