CVE-2022-27223

Summary

CVE	CVE-2022-27223
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-03-16 00:15:00 UTC
Updated	2023-01-19 03:24:00 UTC
Description	In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.

Risk And Classification

Problem Types: CWE-129

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Hardware	Netapp	H300e	-	All	All	All
Operating System	Netapp	H300e Firmware	-	All	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500e	-	All	All	All
Operating System	Netapp	H500e Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H700e	-	All	All	All
Operating System	Netapp	H700e Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All

References

Reference	Source	Link	Tags
February 2022 Linux Kernel Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.12	MISC	cdn.kernel.org
[SECURITY] [DLA 3065-1] linux security update	MLIST	lists.debian.org
USB: gadget: validate endpoint index for xilinx udc · torvalds/linux@7f14c72 · GitHub	MISC	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

179154 Debian Security Update for linux (CVE-2022-27223)
180282 Debian Security Update for linux (DLA 3065-1)
198747 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5381-1)
198782 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5417-1)
198784 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5418-1)
198785 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5415-1)
354468 Amazon Linux Security Advisory for kernel : ALAS2022-2022-185
354499 Amazon Linux Security Advisory for kernel : ALAS2022-2022-042
354542 Amazon Linux Security Advisory for kernel : ALAS-2022-185
355199 Amazon Linux Security Advisory for kernel : ALAS2023-2023-070
376925 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0125)
377766 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2022:0049)
377871 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0001)
671749 EulerOS Security Update for kernel (EulerOS-SA-2022-1808)
671771 EulerOS Security Update for kernel (EulerOS-SA-2022-1829)
671804 EulerOS Security Update for kernel (EulerOS-SA-2022-1844)
671817 EulerOS Security Update for kernel (EulerOS-SA-2022-1868)
753348 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1038-1)
753417 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1163-1)
900762 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9055)
901355 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9055-1)
901659 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9067-1)
905802 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9055-2)
906294 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9067-2)