Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-25375

Опубликовано: 11 фев. 2022
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.

An information disclosure vulnerability was found in the Linux kernel. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. This flaw allows a local attacker to dump contents of kernel memory space via a packet filter update mechanism and potentially extract sensitive information.

Отчет

Red Hat Enterprise Linux is not affected by this flaw as CONFIG_USB_GADGET is not enabled in any current shipping kernels.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-668->CWE-552
https://bugzilla.redhat.com/show_bug.cgi?id=2059923kernel: information disclosure in drivers/usb/gadget/function/rndis.c

EPSS

Процентиль: 37%
0.00149
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-25375

CVSS3: 5.5
ubuntu
больше 3 лет назад

An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.

nvd логотип

CVE-2022-25375

CVSS3: 5.5
nvd
больше 3 лет назад

An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.

debian логотип

CVE-2022-25375

CVSS3: 5.5
debian
больше 3 лет назад

An issue was discovered in drivers/usb/gadget/function/rndis.c in the ...

github логотип

GHSA-3q9w-xvhm-rg6c

CVSS3: 5.5
github
больше 3 лет назад

An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.

fstec логотип

BDU:2022-00891

CVSS3: 3.3
fstec
больше 3 лет назад

Уязвимость драйвера drivers/usb/gadget/function/rndis.c ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 37%
0.00149
Низкий

5.5 Medium

CVSS3