CVE-2022-2964
Published 2022-09-09
High 7.8 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 5.16.10-1 (bookworm) | linux 5.16.10-1 (bookworm) |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.103-1 | 5.10.103-1 |
| linux | linux_kernel | >= 0 < 5.16.10-1 | 5.16.10-1 |
| linux | linux_kernel | >= 0 < 5.16.10-1 | 5.16.10-1 |
| linux | linux_kernel | >= 0 < 5.16.10-1 | 5.16.10-1 |
| linux | linux_kernel | >= 0 < 4.4.0-234.268 | 4.4.0-234.268 |
| linux | linux_kernel | >= 4.20 < 5.4.180 | 5.4.180 |
| linux | linux_kernel | >= 5.11 < 5.15.24 | 5.15.24 |
| linux | linux_kernel | >= 5.16 < 5.16.10 | 5.16.10 |
| linux | linux_kernel | >= 5.5 < 5.10.101 | 5.10.101 |
| paloalto | pan-os | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd v3.1 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv 7.8 HIGH
CISA ICS
ABB M2M Gateway
cisa_ics·2025-04-15
ICS Advisory
Release Date: April 15, 2025
Alert Code: ICSA-25-105-08
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: ABB
- Equipment: M2M Gateway
- Vulnerabilities: Integer Overflow or Wraparound, Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), Unquoted Search Path or Element, Untrusted Search Path, Use After Free, Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Missing Release of Memory after Effective Lifetime, Allocation of Resources Without Limits or Throttling, Improper Privilege Management, Improper Limitati
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-02-14·CVSS 9.8
CVE-2017-18342 [CRITICAL] PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2017-18342, CVE-2017-8923, CVE-2017-9120, CVE-2019-1551, CVE-2019-16865, CVE-2019-16905, CVE-2019-19523, CVE-2019-19528, CVE-2019-19911, CVE-2020-0404, CVE-2020-0431, CVE-2020-0466, CVE-2020-10379, CVE-2020-11538, CVE-2020-11608, CVE-2020-12114, CVE-2020-12321, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-13757, CVE-2020-14314, CVE-2020-14351, CVE-2020-15778, CVE-2020-1967, CVE-2020-24394, CVE-2020-24504, CVE-2020-25211, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25717, CVE-2020-26541, CVE-2020-2715
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-09-30·CVSS 6.7
CVE-2021-4037 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that the framebuffer driver on the Linux kernel did not
verify size limits when changing font or screen size, leading to an out-of-
bounds write. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-33655)
It was discovered that the virtual terminal driver in the Linux kernel did
not properly handle VGA console font changes, leading to an out-of-bounds
write. A local attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2021-33656)
Christian Brauner discovered that the XFS file system implementation in the
Linux kernel did not properly handle setg
Red Hat
kernel: memory corruption in AX88179_178A based USB ethernet device.
vendor_redhat·2022-03-21·CVSS 7.8
CVE-2022-2964 [HIGH] CWE-119 kernel: memory corruption in AX88179_178A based USB ethernet device.
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2022-2964: linux - A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based US...
vendor_debian·2022·CVSS 7.8
CVE-2022-2964 [HIGH] CVE-2022-2964: linux - A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based US...
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
Scope: local
bookworm: resolved (fixed in 5.16.10-1)
bullseye: resolved (fixed in 5.10.103-1)
forky: resolved (fixed in 5.16.10-1)
sid: resolved (fixed in 5.16.10-1)
trixie: resolved (fixed in 5.16.10-1)
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
osv·2022-09-30·CVSS 6.7
CVE-2021-33655 [MEDIUM] linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
It was discovered that the framebuffer driver on the Linux kernel did not
verify size limits when changing font or screen size, leading to an out-of-
bounds write. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-33655)
It was discovered that the virtual terminal driver in the Linux kernel did
not properly handle VGA console font changes, leading to an out-of-bounds
write. A local attacker could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2021-33656)
Christian Brauner discovered that the XFS file system implementation in the
Linux kernel did not properly handle setgid file creation. A local attacker
could
GHSA
GHSA-fqwg-v36p-p5p4: A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2
ghsa_unreviewed·2022-09-10
CVE-2022-2964 [HIGH] CWE-119 GHSA-fqwg-v36p-p5p4: A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
OSV
CVE-2022-2964: A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2
osv·2022-09-09·CVSS 7.8
CVE-2022-2964 [HIGH] CVE-2022-2964: A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.