← Back

CVE-2022-3577

nvd nist
Published: Oct 20, 2022Modified: May 8, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write.

Affected (6)

Products: Linux: Linux Kernel
Linux
1 product
Linux Kernel
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Linux
Linux Kernel
From 4.20 to 5.4.198
Linux Kernel
From 5.11 to 5.15.46
Linux Kernel
From 5.16 to 5.17.14
Linux Kernel
From 5.18 to 5.18.3
Linux Kernel
From 5.5 to 5.10.121
Linux Kernel
Version 5.19 rc1

Related CWEs

CWE-401
Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

Source: secalert@redhat.com
Mailing ListPatchVendor Advisory
Source: secalert@redhat.com
Mailing ListPatchVendor Advisory
Source: secalert@redhat.com
Mailing ListPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchVendor Advisory

Timeline

No history available yet.