CVE-2022-27223

Published: Mar 16, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.

Affected (16)

Products: Linux: Linux Kernel · Netapp: Active Iq Unified Manager, H500s Firmware, H700s Firmware, H300e Firmware, H500e Firmware, H700e Firmware, H410s Firmware, H300s Firmware · Debian: Debian Linux

Linux

1 product

Linux Kernel

Netapp

8 products

Active Iq Unified Manager

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.18 to 4.9.304
Linux Linux Kernel	From 4.10 to 4.14.269
Linux Linux Kernel	From 4.15 to 4.19.232
Linux Linux Kernel	From 4.20 to 5.4.182
Linux Linux Kernel	From 5.11 to 5.15.26
Linux Linux Kernel	From 5.16 to 5.16.12
Linux Linux Kernel	From 5.5 to 5.10.103

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300e Firmware	All versions

Running on/with	Platform Versions
Netapp H300e	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500e Firmware	All versions

Running on/with	Platform Versions
Netapp H500e	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700e Firmware	All versions

Running on/with	Platform Versions
Netapp H700e	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300s Firmware	All versions

Running on/with	Platform Versions
Netapp H300s	All versions

Configuration J

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (8)

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.12

Source: cve@mitre.org

Mailing ListRelease NotesVendor Advisory

https://github.com/torvalds/linux/commit/7f14c7227f342d9932f9b918893c8814f86d2a0d

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20220419-0001/

Source: cve@mitre.org

Third Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.12

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListRelease NotesVendor Advisory

https://github.com/torvalds/linux/commit/7f14c7227f342d9932f9b918893c8814f86d2a0d

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20220419-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.