CVE-2022-24958

HIGH

Linux kernel <5.16.8 - Buffer Overflow

Title source: llm

Description

drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.

References (7)

[Patch, Vendor Advisory] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=89f3594d0de58e8a57d92d497dea9fee3d4b9cda

[Patch, Third Party Advisory] https://github.com/torvalds/linux/commit/89f3594d0de58e8a57d92d497dea9fee3d4b9cda

View Patch ZIP pw:eip

[Patch, Third Party Advisory] https://github.com/torvalds/linux/commit/501e38a5531efbd77d5c73c0ba838a889bfc1d74

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TCW2KZYJ2H6BKZE3CVLHRIXYDGNYYC5P/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SUVZA2YVOQJBJTDIDQ5HF5TAU2C6WP6H/

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20220225-0008/

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

Scores

CVSS v3 7.8

EPSS 0.0005

EPSS Percentile 14.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-763

Status published

Products (12)

debian/debian_linux 9.0

fedoraproject/fedora 34

fedoraproject/fedora 35

linux/linux_kernel < 5.16.8

netapp/h300e_firmware

netapp/h300s_firmware

netapp/h410c_firmware

netapp/h410s_firmware

netapp/h500e_firmware

netapp/h500s_firmware

... and 2 more

Published Feb 11, 2022

Tracked Since Feb 18, 2026