CVE-2022-25375

MEDIUM

Linux kernel <5.16.10 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-25375. PoCs published by szymonh.

AI-analyzed exploit summary This PoC exploits CVE-2022-25375, an information leak vulnerability in the Linux RNDIS USB gadget driver. It manipulates the InformationBufferOffset to read kernel memory by setting and querying the packet filter OID.

Description

An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.

Exploits (1)

nomisec WORKING POC 8 stars

by szymonh · poc

https://github.com/szymonh/rndis-co

View Code ZIP pw:eip

This PoC exploits CVE-2022-25375, an information leak vulnerability in the Linux RNDIS USB gadget driver. It manipulates the InformationBufferOffset to read kernel memory by setting and querying the packet filter OID.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel RNDIS USB gadget (pre-5.16.10)

No auth needed

Prerequisites: Physical or logical access to a USB RNDIS gadget interface · pyusb library

MITRE ATT&CK