CVE-2022-25375
Summary
| CVE | CVE-2022-25375 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-02-20 20:15:00 UTC |
|---|
| Updated | 2023-08-08 14:22:00 UTC |
|---|
| Description | An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] [DLA 2941-1] linux-4.19 security update |
MLIST |
lists.debian.org |
|
| [SECURITY] [DLA 2940-1] linux security update |
MLIST |
lists.debian.org |
|
| cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.10 |
MISC |
cdn.kernel.org |
|
| usb: gadget: rndis: check size of RNDIS_MSG_SET command · torvalds/linux@38ea1ea · GitHub |
MISC |
github.com |
|
| GitHub - szymonh/rndis-co: CVE-2022-25375 - Demo exploit of RNDIS USB Gadget |
MISC |
github.com |
|
| Debian -- Security Information -- DSA-5096-1 linux |
DEBIAN |
www.debian.org |
|
| oss-security - CVE-2022-25375 : Linux RNDIS USB Gadget memory extraction via packet
filter |
MLIST |
www.openwall.com |
|
| Debian -- Security Information -- DSA-5092-1 linux |
DEBIAN |
www.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 179104 Debian Security Update for linux (DSA 5092-1)
- 179117 Debian Security Update for linux (DSA 5096-1)
- 179118 Debian Security Update for linux (DLA 2940-1)
- 179119 Debian Security Update for linux-4.19 (DLA 2941-1)
- 184947 Debian Security Update for linux (CVE-2022-25375)
- 198782 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5417-1)
- 198784 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5418-1)
- 198785 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5415-1)
- 376925 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0125)
- 610422 Google Android July 2022 Security Patch Missing for Huawei EMUI
- 671734 EulerOS Security Update for kernel (EulerOS-SA-2022-1791)
- 671749 EulerOS Security Update for kernel (EulerOS-SA-2022-1808)
- 671804 EulerOS Security Update for kernel (EulerOS-SA-2022-1844)
- 671817 EulerOS Security Update for kernel (EulerOS-SA-2022-1868)
- 751836 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0759-1)
- 751852 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0755-1)
- 751853 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0760-1)
- 751999 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0760-1)
- 753086 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0755-1)
- 753373 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1257-1)
- 753437 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0763-1)
- 900708 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8681)
- 900983 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8656-1)
- 906238 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8681-1)
- 906503 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8656-2)
