CVE-2022-3903

Summary

CVE	CVE-2022-3903
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-11-14 21:15:00 UTC
Updated	2023-11-07 03:51:00 UTC
Description	An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.

Risk And Classification

Problem Types: CWE-843

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	6.1	rc5	All	All

References

Reference	Source	Link	Tags
[git:media_stage/master] media: mceusb: Use new usb_control_msg_*() routines - Mauro Carvalho Chehab	MISC	lore.kernel.org
kernel v5.19 warn in usb_composite_setup_continue - Rondreis	MISC	lore.kernel.org
kernel v5.19 warn in usb_composite_setup_continue - Rondreis		lore.kernel.org
[git:media_stage/master] media: mceusb: Use new usb_control_msg_*() routines - Mauro Carvalho Chehab		lore.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

181220 Debian Security Update for linux (CVE-2022-3903)
199295 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-6031-1)
199296 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6029-1)
199300 Ubuntu Security Notification for Linux kernel (Qualcomm Snapdragon) Vulnerabilities (USN-6030-1)
199301 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6027-1)
199356 Ubuntu Security Notification for Linux kernel (BlueField) Vulnerabilities (USN-6093-1)
199465 Ubuntu Security Notification for Linux kernel (Xilinx ZynqMP) Vulnerabilities (USN-6222-1)
199560 Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-6001-1)
199568 Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-6013-1)
199577 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6014-1)
199614 Ubuntu Security Notification for Linux kernel (IoT) Vulnerabilities (USN-6256-1)
379043 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0136)
379435 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2024:0012)
672747 EulerOS Security Update for kernel (EulerOS-SA-2023-1469)
672838 EulerOS Security Update for kernel (EulerOS-SA-2023-1584)
672851 EulerOS Security Update for kernel (EulerOS-SA-2023-1574)
672935 EulerOS Security Update for kernel (EulerOS-SA-2023-1824)
673117 EulerOS Security Update for kernel (EulerOS-SA-2023-2152)
753014 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4505-1)
753020 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4585-1)
753034 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4504-1)
753038 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4573-1)
753039 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4574-1)
753045 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4503-1)
753047 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4566-1)
753051 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4589-1)
753060 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4615-1)
753061 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4616-1)
753062 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4613-1)
753063 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:4617-1)
753703 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0416-1)
753707 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0416-1)
753727 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0416-1)