Vulnerabilities > CVE-2022-25258 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 4.6 - MEDIUM
Attack vector
PHYSICAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.

Vulnerable Configurations

Part Description Count
OS
Linux
4942
OS
Fedoraproject
1
OS
Debian
3
OS
Netapp
5
Application
Netapp
1
Hardware
Netapp
5

Common Weakness Enumeration (CWE)