CVE-2022-49051

MEDIUM

Linux kernel - Buffer Overflow

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup aqc111_rx_fixup() contains several out-of-bounds accesses that can be triggered by a malicious (or defective) USB device, in particular: - The metadata array (desc_offset..desc_offset+2*pkt_count) can be out of bounds, causing OOB reads and (on big-endian systems) OOB endianness flips. - A packet can overlap the metadata array, causing a later OOB endianness flip to corrupt data used by a cloned SKB that has already been handed off into the network stack. - A packet SKB can be constructed whose tail is far beyond its end, causing out-of-bounds heap data to be considered part of the SKB's data. Found doing variant analysis. Tested it with another driver (ax88179_178a), since I don't have a aqc111 device to test it, but the code looks very similar.

References (5)

Core 5

Scores

CVSS v3 6.8
EPSS 0.0002
EPSS Percentile 6.8%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-125 CWE-787
Status published
Products (6)
linux/Kernel 5.0.0 - 5.4.190linux
linux/Kernel 5.11.0 - 5.15.35linux
linux/Kernel 5.16.0 - 5.17.4linux
linux/Kernel 5.5.0 - 5.10.112linux
linux/linux_kernel 5.18 rc1
linux/linux_kernel 5.0 - 5.4.190
Published Feb 26, 2025
Tracked Since Feb 18, 2026