CVE-2022-27223Improper Validation of Array Index in Kernel

CWE-129Improper Validation of Array IndexCWE-120Classic Buffer Overflow16 documents7 sources
Severity
8.8HIGHNVD
OSV5.6OSV4.7OSV4.4
EPSS
0.3%
top 44.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelDebian LinuxDebian Linux+2 more
Timeline
PublishedMar 16
Latest updateMay 12

Description

In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

NVDlinux/linux_kernel3.184.9.304+6
Debianlinux/linux_kernel< 5.10.103-1+3
Ubuntulinux/linux_kernel< 4.15.0-177.186+2
debiandebian/linux< linux 5.16.12-1 (bookworm)

Also affects: Debian Linux 9.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

7
OSV
linux, linux-aws, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, li2022-05-12
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2022-05-12
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon vulnerabilities2022-05-12
OSV
linux, linux-aws, linux-aws-5.13, linux-azure, linux-azure-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-raspi vulnerabilities2022-05-12
OSV
linux-oem-5.14 vulnerabilities2022-04-20

📋Vendor Advisories

8
Ubuntu
Linux kernel vulnerabilities2022-05-12
Ubuntu
Linux kernel vulnerabilities2022-05-12
Ubuntu
Linux kernel vulnerabilities2022-05-12
Ubuntu
Linux kernel vulnerabilities2022-05-12
Ubuntu
Linux kernel (OEM) vulnerabilities2022-04-20