cve-2022-48926
Vulnerability from cvelistv5
Published
2024-08-22 03:31
Modified
2024-12-19 08:10
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: rndis: add spinlock for rndis response list
There's no lock for rndis response list. It could cause list corruption
if there're two different list_add at the same time like below.
It's better to add in rndis_add_response / rndis_free_response
/ rndis_get_next_response to prevent any race condition on response list.
[ 361.894299] [1: irq/191-dwc3:16979] list_add corruption.
next->prev should be prev (ffffff80651764d0),
but was ffffff883dc36f80. (next=ffffff80651764d0).
[ 361.904380] [1: irq/191-dwc3:16979] Call trace:
[ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90
[ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0
[ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84
[ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4
[ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60
[ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0
[ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc
[ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc
[ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec
[ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linux | Linux |
Version: f6281af9d62e128aa6efad29cf7265062af114f2 Version: f6281af9d62e128aa6efad29cf7265062af114f2 Version: f6281af9d62e128aa6efad29cf7265062af114f2 Version: f6281af9d62e128aa6efad29cf7265062af114f2 Version: f6281af9d62e128aa6efad29cf7265062af114f2 Version: f6281af9d62e128aa6efad29cf7265062af114f2 Version: f6281af9d62e128aa6efad29cf7265062af114f2 Version: f6281af9d62e128aa6efad29cf7265062af114f2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:33:05.816809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:10.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/rndis.c",
"drivers/usb/gadget/function/rndis.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9f5d8ba538ef81cd86ea587ca3f8c77e26bea405",
"status": "affected",
"version": "f6281af9d62e128aa6efad29cf7265062af114f2",
"versionType": "git"
},
{
"lessThan": "669c2b178956718407af5631ccbc61c24413f038",
"status": "affected",
"version": "f6281af9d62e128aa6efad29cf7265062af114f2",
"versionType": "git"
},
{
"lessThan": "9f688aadede6b862a0a898792b1a35421c93636f",
"status": "affected",
"version": "f6281af9d62e128aa6efad29cf7265062af114f2",
"versionType": "git"
},
{
"lessThan": "9ab652d41deab49848673c3dadb57ad338485376",
"status": "affected",
"version": "f6281af9d62e128aa6efad29cf7265062af114f2",
"versionType": "git"
},
{
"lessThan": "4ce247af3f30078d5b97554f1ae6200a0222c15a",
"status": "affected",
"version": "f6281af9d62e128aa6efad29cf7265062af114f2",
"versionType": "git"
},
{
"lessThan": "da514063440b53a27309a4528b726f92c3cfe56f",
"status": "affected",
"version": "f6281af9d62e128aa6efad29cf7265062af114f2",
"versionType": "git"
},
{
"lessThan": "33222d1571d7ce8c1c75f6b488f38968fa93d2d9",
"status": "affected",
"version": "f6281af9d62e128aa6efad29cf7265062af114f2",
"versionType": "git"
},
{
"lessThan": "aaaba1c86d04dac8e49bf508b492f81506257da3",
"status": "affected",
"version": "f6281af9d62e128aa6efad29cf7265062af114f2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/rndis.c",
"drivers/usb/gadget/function/rndis.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.6"
},
{
"lessThan": "4.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.304",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.232",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: rndis: add spinlock for rndis response list\n\nThere\u0027s no lock for rndis response list. It could cause list corruption\nif there\u0027re two different list_add at the same time like below.\nIt\u0027s better to add in rndis_add_response / rndis_free_response\n/ rndis_get_next_response to prevent any race condition on response list.\n\n[ 361.894299] [1: irq/191-dwc3:16979] list_add corruption.\nnext-\u003eprev should be prev (ffffff80651764d0),\nbut was ffffff883dc36f80. (next=ffffff80651764d0).\n\n[ 361.904380] [1: irq/191-dwc3:16979] Call trace:\n[ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90\n[ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0\n[ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84\n[ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4\n[ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60\n[ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0\n[ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc\n[ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc\n[ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec\n[ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c"
}
],
"providerMetadata": {
"dateUpdated": "2024-12-19T08:10:39.465Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9f5d8ba538ef81cd86ea587ca3f8c77e26bea405"
},
{
"url": "https://git.kernel.org/stable/c/669c2b178956718407af5631ccbc61c24413f038"
},
{
"url": "https://git.kernel.org/stable/c/9f688aadede6b862a0a898792b1a35421c93636f"
},
{
"url": "https://git.kernel.org/stable/c/9ab652d41deab49848673c3dadb57ad338485376"
},
{
"url": "https://git.kernel.org/stable/c/4ce247af3f30078d5b97554f1ae6200a0222c15a"
},
{
"url": "https://git.kernel.org/stable/c/da514063440b53a27309a4528b726f92c3cfe56f"
},
{
"url": "https://git.kernel.org/stable/c/33222d1571d7ce8c1c75f6b488f38968fa93d2d9"
},
{
"url": "https://git.kernel.org/stable/c/aaaba1c86d04dac8e49bf508b492f81506257da3"
}
],
"title": "usb: gadget: rndis: add spinlock for rndis response list",
"x_generator": {
"engine": "bippy-5f407fcff5a0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48926",
"datePublished": "2024-08-22T03:31:18.572Z",
"dateReserved": "2024-08-21T06:06:23.297Z",
"dateUpdated": "2024-12-19T08:10:39.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-48926\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-08-22T04:15:15.363\",\"lastModified\":\"2024-08-23T02:05:14.960\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nusb: gadget: rndis: add spinlock for rndis response list\\n\\nThere\u0027s no lock for rndis response list. It could cause list corruption\\nif there\u0027re two different list_add at the same time like below.\\nIt\u0027s better to add in rndis_add_response / rndis_free_response\\n/ rndis_get_next_response to prevent any race condition on response list.\\n\\n[ 361.894299] [1: irq/191-dwc3:16979] list_add corruption.\\nnext-\u003eprev should be prev (ffffff80651764d0),\\nbut was ffffff883dc36f80. (next=ffffff80651764d0).\\n\\n[ 361.904380] [1: irq/191-dwc3:16979] Call trace:\\n[ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90\\n[ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0\\n[ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84\\n[ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4\\n[ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60\\n[ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0\\n[ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc\\n[ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc\\n[ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec\\n[ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: usb: gadget: rndis: agregar spinlock para la lista de respuestas de rndis No hay bloqueo para la lista de respuestas de rndis. Podr\u00eda causar corrupci\u00f3n en la lista si hay dos list_add diferentes al mismo tiempo, como se muestra a continuaci\u00f3n. Es mejor agregar rndis_add_response / rndis_free_response / rndis_get_next_response para evitar cualquier condici\u00f3n de ejecuci\u00f3n en la lista de respuestas. [ 361.894299] [1: irq/191-dwc3:16979] list_add corrupci\u00f3n. siguiente-\u0026gt;anterior deber\u00eda ser anterior (ffffff80651764d0), pero era ffffff883dc36f80. (siguiente=ffffff80651764d0). [ 361.904380] [1: irq/191-dwc3:16979] Rastreo de llamadas: [ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90 [ 361.904401] [1: irq/191-dwc3:16979 ] rndis_msg_parser+0x168/0x8c0 [ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84 [ 361.904417] [1: irq/191-dwc3:16979] misi\u00f3n+0x20/0xe4 [ 361.904426] [1: irq /191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60 [ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0 [ 361.904442] [1: 16979] dwc3_ep0_interrupt+0x29c/0x3dc [ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc [ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec [ 361.904465 ] [1: irq/191-dwc3: 16979] dwc3_thread_interrupt+0x34/0x5c\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.6\",\"versionEndExcluding\":\"4.9.304\",\"matchCriteriaId\":\"FA1E6BF0-F833-4FBE-8171-CC3C308EB3A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.10\",\"versionEndExcluding\":\"4.14.269\",\"matchCriteriaId\":\"F0F577D3-EFEA-42CF-80AA-905297529D7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15\",\"versionEndExcluding\":\"4.19.232\",\"matchCriteriaId\":\"EF11C6DC-8B9A-4A37-B1E6-33B68F5366ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.182\",\"matchCriteriaId\":\"EE74CED8-43BF-4060-9578-93A09735B4E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.103\",\"matchCriteriaId\":\"1A95B717-3110-4D4F-B8FC-373919BB514D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.26\",\"matchCriteriaId\":\"9AB342AE-A62E-4947-A6EA-511453062B2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"5.16.12\",\"matchCriteriaId\":\"C76BAB21-7F23-4AD8-A25F-CA7B262A2698\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/33222d1571d7ce8c1c75f6b488f38968fa93d2d9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4ce247af3f30078d5b97554f1ae6200a0222c15a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/669c2b178956718407af5631ccbc61c24413f038\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9ab652d41deab49848673c3dadb57ad338485376\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9f5d8ba538ef81cd86ea587ca3f8c77e26bea405\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9f688aadede6b862a0a898792b1a35421c93636f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/aaaba1c86d04dac8e49bf508b492f81506257da3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/da514063440b53a27309a4528b726f92c3cfe56f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-48926\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T15:33:05.816809Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:15.624Z\"}}], \"cna\": {\"title\": \"usb: gadget: rndis: add spinlock for rndis response list\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"f6281af9d62e\", \"lessThan\": \"9f5d8ba538ef\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"f6281af9d62e\", \"lessThan\": \"669c2b178956\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"f6281af9d62e\", \"lessThan\": \"9f688aadede6\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"f6281af9d62e\", \"lessThan\": \"9ab652d41dea\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"f6281af9d62e\", \"lessThan\": \"4ce247af3f30\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"f6281af9d62e\", \"lessThan\": \"da514063440b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"f6281af9d62e\", \"lessThan\": \"33222d1571d7\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"f6281af9d62e\", \"lessThan\": \"aaaba1c86d04\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/usb/gadget/function/rndis.c\", \"drivers/usb/gadget/function/rndis.h\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.6\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"4.6\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.9.304\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.9.*\"}, {\"status\": \"unaffected\", \"version\": \"4.14.269\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.14.*\"}, {\"status\": \"unaffected\", \"version\": \"4.19.232\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.182\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.103\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.26\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"5.16.12\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.16.*\"}, {\"status\": \"unaffected\", \"version\": \"5.17\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/usb/gadget/function/rndis.c\", \"drivers/usb/gadget/function/rndis.h\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/9f5d8ba538ef81cd86ea587ca3f8c77e26bea405\"}, {\"url\": \"https://git.kernel.org/stable/c/669c2b178956718407af5631ccbc61c24413f038\"}, {\"url\": \"https://git.kernel.org/stable/c/9f688aadede6b862a0a898792b1a35421c93636f\"}, {\"url\": \"https://git.kernel.org/stable/c/9ab652d41deab49848673c3dadb57ad338485376\"}, {\"url\": \"https://git.kernel.org/stable/c/4ce247af3f30078d5b97554f1ae6200a0222c15a\"}, {\"url\": \"https://git.kernel.org/stable/c/da514063440b53a27309a4528b726f92c3cfe56f\"}, {\"url\": \"https://git.kernel.org/stable/c/33222d1571d7ce8c1c75f6b488f38968fa93d2d9\"}, {\"url\": \"https://git.kernel.org/stable/c/aaaba1c86d04dac8e49bf508b492f81506257da3\"}], \"x_generator\": {\"engine\": \"bippy-9e1c9544281a\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nusb: gadget: rndis: add spinlock for rndis response list\\n\\nThere\u0027s no lock for rndis response list. It could cause list corruption\\nif there\u0027re two different list_add at the same time like below.\\nIt\u0027s better to add in rndis_add_response / rndis_free_response\\n/ rndis_get_next_response to prevent any race condition on response list.\\n\\n[ 361.894299] [1: irq/191-dwc3:16979] list_add corruption.\\nnext-\u003eprev should be prev (ffffff80651764d0),\\nbut was ffffff883dc36f80. (next=ffffff80651764d0).\\n\\n[ 361.904380] [1: irq/191-dwc3:16979] Call trace:\\n[ 361.904391] [1: irq/191-dwc3:16979] __list_add_valid+0x74/0x90\\n[ 361.904401] [1: irq/191-dwc3:16979] rndis_msg_parser+0x168/0x8c0\\n[ 361.904409] [1: irq/191-dwc3:16979] rndis_command_complete+0x24/0x84\\n[ 361.904417] [1: irq/191-dwc3:16979] usb_gadget_giveback_request+0x20/0xe4\\n[ 361.904426] [1: irq/191-dwc3:16979] dwc3_gadget_giveback+0x44/0x60\\n[ 361.904434] [1: irq/191-dwc3:16979] dwc3_ep0_complete_data+0x1e8/0x3a0\\n[ 361.904442] [1: irq/191-dwc3:16979] dwc3_ep0_interrupt+0x29c/0x3dc\\n[ 361.904450] [1: irq/191-dwc3:16979] dwc3_process_event_entry+0x78/0x6cc\\n[ 361.904457] [1: irq/191-dwc3:16979] dwc3_process_event_buf+0xa0/0x1ec\\n[ 361.904465] [1: irq/191-dwc3:16979] dwc3_thread_interrupt+0x34/0x5c\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-11-04T12:19:19.034Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-48926\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-04T12:19:19.034Z\", \"dateReserved\": \"2024-08-21T06:06:23.297Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-08-22T03:31:18.572Z\", \"assignerShortName\": \"Linux\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.