CVE-2022-49984

MEDIUM

Linux Kernel 4.18-5.19.7 - NULL Pointer Dereference in HID Steam Driver

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report It is possible for a malicious device to forgo submitting a Feature Report. The HID Steam driver presently makes no prevision for this and de-references the 'struct hid_report' pointer obtained from the HID devices without first checking its validity. Let's change that.

References (6)

Core 6

Core References

Patch

https://git.kernel.org/stable/c/c20d03b82a2e3ddbb555dad4d4f3374a9763222c

Patch

https://git.kernel.org/stable/c/fa2b822d86be5b5ad54fe4fa2daca464e71ff90a

Patch

https://git.kernel.org/stable/c/dc815761948ab5b8c94db6cb53c95103588f16ae

Patch

https://git.kernel.org/stable/c/989560b6d9e00d99e07bc33067fa1c770994bf4d

Patch

https://git.kernel.org/stable/c/dee1e51b54794e90763e70a3c78f27ba4fa930ec

Patch

https://git.kernel.org/stable/c/cd11d1a6114bd4bc6450ae59f6e110ec47362126

Scores

CVSS v3 5.5

EPSS 0.0020

EPSS Percentile 10.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-476

Status published

Products (21)

linux/Kernel 4.18.0 - 4.19.257linux

linux/Kernel 4.20.0 - 5.4.212linux

linux/Kernel 5.11.0 - 5.15.65linux

linux/Kernel 5.16.0 - 5.19.7linux

linux/Kernel 5.5.0 - 5.10.141linux

Linux/Linux < 4.18

Linux/Linux 4.18

Linux/Linux 4.19.257 - 4.19.*

Linux/Linux 5.10.141 - 5.10.*

Linux/Linux 5.15.65 - 5.15.*

... and 11 more

Published Jun 18, 2025

Tracked Since Feb 18, 2026