Description

In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the sanity check. Both offset and offset + len need to be checked in such a manner that no overflow can occur. And those quantities should be unsigned.

INFO

Published Date :

2024-08-22T03:31:33.381Z

Last Modified :

2025-12-23T13:21:10.313Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2022-48938 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-48938.

URL Resource
https://git.kernel.org/stable/c/49909c9f8458cacb5b241106cba65aba5a6d8f4c cve-icon cve-icon
https://git.kernel.org/stable/c/69560efa001397ebb8dc1c3e6a3ce00302bb9f7f cve-icon cve-icon
https://git.kernel.org/stable/c/7b737e47b87589031f0d4657f6d7b0b770474925 cve-icon cve-icon
https://git.kernel.org/stable/c/8d2b1a1ec9f559d30b724877da4ce592edc41fdc cve-icon cve-icon
https://git.kernel.org/stable/c/9957fbf34f52a4d8945d1bf39aae400ef9a11246 cve-icon cve-icon
https://git.kernel.org/stable/c/a612395c7631918e0e10ea48b9ce5ab4340f26a6 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024082225-CVE-2022-48938-4501@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2022-48938 cve-icon
https://www.cve.org/CVERecord?id=CVE-2022-48938 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact