Unrated severityNVD Advisory· Published Oct 21, 2024· Updated May 4, 2025
usb: gadget: uvc: Prevent buffer overflow in setup handler
CVE-2022-48948
Description
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: uvc: Prevent buffer overflow in setup handler
Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), data stage handler for OUT transfer uses memcpy to copy req->actual bytes to uvc_event->data.data array of size 60. This may result in an overflow of 4 bytes.
Affected products
82- osv-coords81 versionspkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%20Micro%205.5pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/kernel-default-base&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/kernel-default-base&distro=SUSE%20Manager%20Server%204.3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP4pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/kernel-default&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/kernel-default&distro=SUSE%20Manager%20Server%204.3pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/kernel-livepatch-SLE15-SP4_Update_33&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_22&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_21&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/kernel-source&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/kernel-source&distro=SUSE%20Manager%20Server%204.3pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/kernel-syms&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/kernel-syms&distro=SUSE%20Manager%20Server%204.3pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP5pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Manager%20Server%204.3
< 5.14.21-150500.33.72.1+ 80 more
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 5.14.21-150400.24.141.1.150400.24.68.2
- (no CPE)range: < 5.14.21-150400.24.141.1.150400.24.68.2
- (no CPE)range: < 5.14.21-150400.24.141.1.150400.24.68.2
- (no CPE)range: < 5.14.21-150400.24.141.1.150400.24.68.2
- (no CPE)range: < 5.14.21-150500.55.88.1.150500.6.39.4
- (no CPE)range: < 5.14.21-150500.55.88.1.150500.6.39.4
- (no CPE)range: < 5.14.21-150400.24.141.1.150400.24.68.2
- (no CPE)range: < 5.14.21-150400.24.141.1.150400.24.68.2
- (no CPE)range: < 5.14.21-150400.24.141.1.150400.24.68.2
- (no CPE)range: < 5.14.21-150400.24.141.1.150400.24.68.2
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 1-150400.9.5.1
- (no CPE)range: < 1-150500.11.3.1
- (no CPE)range: < 1-150500.11.5.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 5.14.21-150400.15.100.1
- (no CPE)range: < 5.14.21-150400.15.100.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.15.100.1
- (no CPE)range: < 5.14.21-150400.15.100.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 5.14.21-150500.33.72.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150500.13.76.1
- (no CPE)range: < 5.14.21-150500.55.88.1
- (no CPE)range: < 5.14.21-150400.24.141.1
- (no CPE)range: < 5.14.21-150400.24.141.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- git.kernel.org/stable/c/06fd17ee92c8f1704c7e54ec0fd50ae0542a49a5mitre
- git.kernel.org/stable/c/4972e3528b968665b596b5434764ff8fd9446d35mitre
- git.kernel.org/stable/c/4c92670b16727365699fe4b19ed32013bab2c107mitre
- git.kernel.org/stable/c/6b41a35b41f77821db24f2d8f66794b390a585c5mitre
- git.kernel.org/stable/c/7b1f773277a72f9756d47a41b94e43506cce1954mitre
- git.kernel.org/stable/c/b8fb1cba934ea122b50f13a4f9d6fc4fdc43d2bemitre
- git.kernel.org/stable/c/bc8380fe5768c564f921f7b4eaba932e330b9e4bmitre
- git.kernel.org/stable/c/c79538f32df12887f110dcd6b9c825b482905f24mitre
- git.kernel.org/stable/c/d1a92bb8d697f170d93fe922da763d7d156b8841mitre
News mentions
0No linked articles in our index yet.