CVE-2022-48948
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-48948
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48948.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-48948
- Downstream
- Related
- Published
- 2024-10-21T20:15:06Z
- Modified
- 2025-08-09T19:01:28Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: uvc: Prevent buffer overflow in setup handler
Setup function uvcfunctionsetup permits control transfer requests with up to 64 bytes of payload (UVCMAXREQUESTSIZE), data stage handler for OUT transfer uses memcpy to copy req->actual bytes to uvcevent->data.data array of size 60. This may result in an overflow of 4 bytes.
- References
-
- https://git.kernel.org/stable/c/06fd17ee92c8f1704c7e54ec0fd50ae0542a49a5
- https://git.kernel.org/stable/c/4972e3528b968665b596b5434764ff8fd9446d35
- https://git.kernel.org/stable/c/4c92670b16727365699fe4b19ed32013bab2c107
- https://git.kernel.org/stable/c/6b41a35b41f77821db24f2d8f66794b390a585c5
- https://git.kernel.org/stable/c/7b1f773277a72f9756d47a41b94e43506cce1954
- https://git.kernel.org/stable/c/b8fb1cba934ea122b50f13a4f9d6fc4fdc43d2be
- https://git.kernel.org/stable/c/bc8380fe5768c564f921f7b4eaba932e330b9e4b
- https://git.kernel.org/stable/c/c79538f32df12887f110dcd6b9c825b482905f24
- https://git.kernel.org/stable/c/d1a92bb8d697f170d93fe922da763d7d156b8841