CVE-2022-48866
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48866
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48866.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-48866
- Downstream
- Related
- Published
- 2024-07-16T12:25:28Z
- Modified
- 2025-10-14T20:09:04.142347Z
- Summary
- HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts
Syzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug. The root case is in missing validation check of actual number of endpoints.
Code should not blindly access usbhostinterface::endpoint array, since it may contain less endpoints than code expects.
Fix it by adding missing validaion check and print an error if number of endpoints do not match expected number
- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc49c33637802a2c6957a78119eb8be3b055dd9e9Fixed3ffbe85cda7f523dad896bae08cecd8db8b555ab
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc49c33637802a2c6957a78119eb8be3b055dd9e9Fixed56185434e1e50acecee56d8f5850135009b87947
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc49c33637802a2c6957a78119eb8be3b055dd9e9Fixedfc3ef2e3297b3c0e2006b5d7b3d66965e3392036
Affected versions
v5.*
v5.12
v5.12-rc1
v5.12-rc1-dontuse
v5.12-rc2
v5.12-rc3
v5.12-rc4
v5.12-rc5
v5.12-rc6
v5.12-rc7
v5.12-rc8
v5.13
v5.13-rc1
v5.13-rc2
v5.13-rc3
v5.13-rc4
v5.13-rc5
v5.13-rc6
v5.13-rc7
v5.14
v5.14-rc1
v5.14-rc2
v5.14-rc3
v5.14-rc4
v5.14-rc5
v5.14-rc6
v5.14-rc7
v5.15
v5.15-rc1
v5.15-rc2
v5.15-rc3
v5.15-rc4
v5.15-rc5
v5.15-rc6
v5.15-rc7
v5.15.1
v5.15.10
v5.15.11
v5.15.12
v5.15.13
v5.15.14
v5.15.15
v5.15.16
v5.15.17
v5.15.18
v5.15.19
v5.15.2
v5.15.20
v5.15.21
v5.15.22
v5.15.23
v5.15.24
v5.15.25
v5.15.26
v5.15.27
v5.15.28
v5.15.3
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16
v5.16-rc1
v5.16-rc2
v5.16-rc3
v5.16-rc4
v5.16-rc5
v5.16-rc6
v5.16-rc7
v5.16-rc8
v5.16.1
v5.16.10
v5.16.11
v5.16.12
v5.16.13
v5.16.14
v5.16.2
v5.16.3
v5.16.4
v5.16.5
v5.16.6
v5.16.7
v5.16.8
v5.16.9
Database specific
{
"vanir_signatures": [
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "drivers/hid/hid-thrustmaster.c",
"function": "thrustmaster_interrupts"
},
"id": "CVE-2022-48866-1430fed4",
"digest": {
"length": 767.0,
"function_hash": "4128621448344312689808855894328507917"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fc3ef2e3297b3c0e2006b5d7b3d66965e3392036"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/hid/hid-thrustmaster.c"
},
"id": "CVE-2022-48866-17ac13f3",
"digest": {
"line_hashes": [
"293803758266143704275928039220512539555",
"186749831766223368071418125127399677493",
"37000268547017870100139240949912827169"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@56185434e1e50acecee56d8f5850135009b87947"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "drivers/hid/hid-thrustmaster.c",
"function": "thrustmaster_interrupts"
},
"id": "CVE-2022-48866-52075f8a",
"digest": {
"length": 767.0,
"function_hash": "4128621448344312689808855894328507917"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@56185434e1e50acecee56d8f5850135009b87947"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/hid/hid-thrustmaster.c"
},
"id": "CVE-2022-48866-d68df5d7",
"digest": {
"line_hashes": [
"293803758266143704275928039220512539555",
"186749831766223368071418125127399677493",
"37000268547017870100139240949912827169"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3ffbe85cda7f523dad896bae08cecd8db8b555ab"
},
{
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/hid/hid-thrustmaster.c"
},
"id": "CVE-2022-48866-f360e24e",
"digest": {
"line_hashes": [
"293803758266143704275928039220512539555",
"186749831766223368071418125127399677493",
"37000268547017870100139240949912827169"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fc3ef2e3297b3c0e2006b5d7b3d66965e3392036"
},
{
"deprecated": false,
"signature_type": "Function",
"target": {
"file": "drivers/hid/hid-thrustmaster.c",
"function": "thrustmaster_interrupts"
},
"id": "CVE-2022-48866-f8743e34",
"digest": {
"length": 767.0,
"function_hash": "4128621448344312689808855894328507917"
},
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3ffbe85cda7f523dad896bae08cecd8db8b555ab"
}
]
}