{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2022-48805",
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "state": "PUBLISHED",
        "assignerShortName": "Linux",
        "dateReserved": "2024-07-16T11:38:08.896Z",
        "datePublished": "2024-07-16T11:43:56.950Z",
        "dateUpdated": "2024-09-11T17:34:13.907Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
                "shortName": "Linux",
                "dateUpdated": "2024-07-16T11:43:56.950Z"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup\n\nax88179_rx_fixup() contains several out-of-bounds accesses that can be\ntriggered by a malicious (or defective) USB device, in particular:\n\n - The metadata array (hdr_off..hdr_off+2*pkt_cnt) can be out of bounds,\n   causing OOB reads and (on big-endian systems) OOB endianness flips.\n - A packet can overlap the metadata array, causing a later OOB\n   endianness flip to corrupt data used by a cloned SKB that has already\n   been handed off into the network stack.\n - A packet SKB can be constructed whose tail is far beyond its end,\n   causing out-of-bounds heap data to be considered part of the SKB's\n   data.\n\nI have tested that this can be used by a malicious USB device to send a\nbogus ICMPv6 Echo Request and receive an ICMPv6 Echo Reply in response\nthat contains random kernel heap data.\nIt's probably also possible to get OOB writes from this on a\nlittle-endian system somehow - maybe by triggering skb_cow() via IP\noptions processing -, but I haven't tested that."
                }
            ],
            "affected": [
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "unaffected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "drivers/net/usb/ax88179_178a.c"
                    ],
                    "versions": [
                        {
                            "version": "e2ca90c276e1",
                            "lessThan": "711b6bf3fb05",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "e2ca90c276e1",
                            "lessThan": "63f0cfb36c1f",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "e2ca90c276e1",
                            "lessThan": "1668781ed24d",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "e2ca90c276e1",
                            "lessThan": "a0fd5492ee76",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "e2ca90c276e1",
                            "lessThan": "758290defe93",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "e2ca90c276e1",
                            "lessThan": "ffd0393adcdc",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "e2ca90c276e1",
                            "lessThan": "9681823f96a8",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "e2ca90c276e1",
                            "lessThan": "57bc3d3ae8c1",
                            "status": "affected",
                            "versionType": "git"
                        }
                    ]
                },
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "affected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "drivers/net/usb/ax88179_178a.c"
                    ],
                    "versions": [
                        {
                            "version": "3.9",
                            "status": "affected"
                        },
                        {
                            "version": "0",
                            "lessThan": "3.9",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "4.9.303",
                            "lessThanOrEqual": "4.9.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "4.14.268",
                            "lessThanOrEqual": "4.14.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "4.19.231",
                            "lessThanOrEqual": "4.19.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.4.180",
                            "lessThanOrEqual": "5.4.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.10.101",
                            "lessThanOrEqual": "5.10.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.15.24",
                            "lessThanOrEqual": "5.15.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.16.10",
                            "lessThanOrEqual": "5.16.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.17",
                            "lessThanOrEqual": "*",
                            "status": "unaffected",
                            "versionType": "original_commit_for_fix"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://git.kernel.org/stable/c/711b6bf3fb052f0a6b5b3205d50e30c0c2980382"
                },
                {
                    "url": "https://git.kernel.org/stable/c/63f0cfb36c1f1964a59ce544156677601e2d8740"
                },
                {
                    "url": "https://git.kernel.org/stable/c/1668781ed24da43498799aa4f65714a7de201930"
                },
                {
                    "url": "https://git.kernel.org/stable/c/a0fd5492ee769029a636f1fb521716b022b1423d"
                },
                {
                    "url": "https://git.kernel.org/stable/c/758290defe93a865a2880d10c5d5abd288b64b5d"
                },
                {
                    "url": "https://git.kernel.org/stable/c/ffd0393adcdcefab7e131488e10dcfde5e02d6eb"
                },
                {
                    "url": "https://git.kernel.org/stable/c/9681823f96a811268265f35307072ad80713c274"
                },
                {
                    "url": "https://git.kernel.org/stable/c/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581"
                }
            ],
            "title": "net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup",
            "x_generator": {
                "engine": "bippy-c9c4e1df01b2"
            }
        },
        "adp": [
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-03T15:25:01.769Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://git.kernel.org/stable/c/711b6bf3fb052f0a6b5b3205d50e30c0c2980382",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/63f0cfb36c1f1964a59ce544156677601e2d8740",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/1668781ed24da43498799aa4f65714a7de201930",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/a0fd5492ee769029a636f1fb521716b022b1423d",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/758290defe93a865a2880d10c5d5abd288b64b5d",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/ffd0393adcdcefab7e131488e10dcfde5e02d6eb",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/9681823f96a811268265f35307072ad80713c274",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            },
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "id": "CVE-2022-48805",
                                "role": "CISA Coordinator",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "version": "2.0.3",
                                "timestamp": "2024-09-10T16:58:50.903350Z"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-09-11T17:34:13.907Z"
                }
            }
        ]
    }
}