CVE-2022-48834

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jul 16, 2024
Updated: Jul 19, 2024

Summary

CVE-2022-48834 is a vulnerability in the Linux kernel's usbtmc driver. The syzbot fuzzer discovered a bug where pipe directions were not correctly matched for control transfers. The usbtmc_ioctl_request() function incorrectly used usb_rcvctrlpipe() for all transfers, leading to a potential issue with control transfer directions. This could potentially allow unintended data flow or cause system instability. The vulnerability has been resolved in Linux kernel version 5.17.0-rc5-syzkaller-00306-g2293be58d6a1.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share