CVE-2022-48948

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-48948
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-48948.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-48948
Published
2024-10-21T20:15:06Z
Modified
2025-08-09T19:01:28Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: uvc: Prevent buffer overflow in setup handler

Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE); the data stage handler for OUT transfer uses memcpy to copy req->actual bytes to the uvc_event->data.data array of size 60. This may result in an overflow of 4 bytes.
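
The size mismatch described above, as an added userland model (not kernel code and not the upstream patch): it computes the overrun an unclamped copy would cause and shows one way to bound the copy to the destination array. The struct and function names are hypothetical; only the sizes 64 and 60 come from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model; the two sizes are the ones stated in the advisory. */
#define MAX_REQUEST_SIZE 64   /* payload limit accepted by the setup handler */
#define EVENT_DATA_SIZE  60   /* size of the event's data array */

struct model_request {        /* hypothetical stand-in for the USB request */
    uint8_t buf[MAX_REQUEST_SIZE];
    size_t  actual;           /* bytes the host actually sent */
};

struct model_event_data {     /* hypothetical stand-in for the event payload */
    int32_t length;
    uint8_t data[EVENT_DATA_SIZE];
};

/* Bytes an unclamped memcpy(dst->data, req->buf, req->actual)
 * would write past the end of dst->data. */
size_t unclamped_overrun(const struct model_request *req)
{
    return req->actual > EVENT_DATA_SIZE ? req->actual - EVENT_DATA_SIZE : 0;
}

/* Bounded data-stage copy: clamp to the destination size, then copy.
 * Returns the number of bytes copied. */
size_t copy_data_stage(struct model_event_data *dst, const struct model_request *req)
{
    size_t n = req->actual;
    if (n > sizeof(dst->data))
        n = sizeof(dst->data);
    dst->length = (int32_t)n;
    memcpy(dst->data, req->buf, n);
    return n;
}

/* Copies a maximum-size request into an event followed by a canary.
 * Returns 1 if the canary is untouched and the length was clamped. */
int canary_intact_after_max_request(void)
{
    struct { struct model_event_data ev; uint8_t canary[4]; } frame;
    struct model_request req;
    memset(req.buf, 0x41, sizeof(req.buf));
    req.actual = MAX_REQUEST_SIZE;
    memset(frame.canary, 0xC5, sizeof(frame.canary));
    copy_data_stage(&frame.ev, &req);
    for (size_t i = 0; i < sizeof(frame.canary); i++)
        if (frame.canary[i] != 0xC5)
            return 0;
    return frame.ev.length == EVENT_DATA_SIZE;
}
```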

References

Affected packages