CVE-2022-48837

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Jul 16, 2024
Updated: Jul 18, 2024
CWE ID 190

Summary

CVE-2022-48837 is a newly identified vulnerability in the Linux kernel's RNDIS (Remote NDIS) gadget subsystem. The issue is an integer overflow risk in the function "rndis_set_response()". When "BufOffset" holds a large value, the calculation "BufOffset + 8" may overflow, potentially leading to unintended memory access or a buffer overflow. The Linux community has released a patch to address this vulnerability.
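The overflow pattern described in the summary, shown as an added example that is not the kernel's code or its patch: a bounds check written as "offset + 8" wraps for large 32-bit offsets, while bounding the operand by subtraction does not. The function names, the 64-byte message and the sample offsets are assumptions constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Weak check (hypothetical): validates only the sum. With a 32-bit
 * unsigned offset, a value such as 0xFFFFFFF8 makes offset + 8 wrap
 * to 0, so the comparison passes. */
static int demo_fits_weak(uint32_t msg_len, uint32_t buf_offset)
{
    return (uint32_t)(buf_offset + 8u) <= msg_len;
}

/* Hardened check (hypothetical): no addition on the untrusted value.
 * The operand is compared against msg_len - 8, which cannot wrap once
 * msg_len >= 8 has been established. */
static int demo_fits_checked(uint32_t msg_len, uint32_t buf_offset)
{
    if (msg_len < 8u)
        return 0;
    return buf_offset <= msg_len - 8u;
}

/* Returns a pointer to the data that starts 8 bytes plus buf_offset
 * into msg, or NULL when that position lies outside the message. */
static const uint8_t *demo_param_ptr(const uint8_t *msg, uint32_t msg_len,
                                     uint32_t buf_offset)
{
    if (!demo_fits_checked(msg_len, buf_offset))
        return NULL;
    return msg + 8u + buf_offset;
}

int main(void)
{
    static const uint8_t msg[64] = {0};              /* constructed message */
    const uint32_t samples[] = {16u, 56u, 57u, 0xFFFFFFF8u};

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t off = samples[i];
        printf("offset=0x%08x weak=%d checked=%d ptr=%s\n", (unsigned)off,
               demo_fits_weak(sizeof(msg), off),
               demo_fits_checked(sizeof(msg), off),
               demo_param_ptr(msg, sizeof(msg), off) ? "ok" : "NULL");
    }
    return 0;
}
```

The same subtraction idiom applies to any length or offset field read from an untrusted message before it is used to index a buffer.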
