CVE-2022-41850

Published: 30 Sep 2022
Source: redhat
CVSS3: 4.7

Description

roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.

A race issue was found in roccat_report_event in drivers/hid/hid-roccat.c in the Human Interface Devices (HID) sub-component in the Linux kernel. This flaw allows a local attacker with a standard user privilege to cause a denial of service.

Mitigation

This flaw can be mitigated by preventing the affected USB Roccat kernel module from loading during the boot time. Ensure the module is added into the blacklist file.

Refer: How do I blacklist a kernel module to prevent it from loading automatically? https://access.redhat.com/solutions/41278

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Out of support scope | | |
| Red Hat Enterprise Linux 8 | kernel | Fix deferred | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Fix deferred | | |
| Red Hat Enterprise Linux 9 | kernel | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | | |

Additional information

Status: Low
Defect: CWE-362->CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2131378 kernel: Race condition in roccat_report_event in drivers/hid/hid-roccat.c

CVSS3: 4.7 Medium

Related vulnerabilities

CVSS3: 4.7
ubuntu
about 3 years ago

roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.

CVSS3: 4.7
nvd
about 3 years ago

roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.

CVSS3: 4.7
msrc
about 3 years ago

roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.

CVSS3: 4.7
debian
about 3 years ago

roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel th ...

CVSS3: 4.7
github
about 3 years ago

roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
