• CVE-2022-48948

发布时间: 2024年11月8日

修改时间: 2024年11月8日

概要

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), data stage handler for OUT transfer uses memcpy to copy req->actual bytes to uvc_event->data.data array of size 60. This may result in an overflow of 4 bytes.

CVSS v3 指标

NVD openEuler
Confidentiality High Low
Attack Vector Local Local
CVSS评分 7.8 3.9
Attack Complexity Low High
Privileges Required Low High
Scope Unchanged Unchanged
Integrity High Low
User Interaction None None
Availability High Low

安全公告

公告名 概要 发布时间
KylinSec-SA-2024-4908 kernel security update 2025年2月17日

影响产品

产品 状态
KY3.4-5 kernel Fixed