Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2022-49551

Disclosure Date: February 26, 2025 •

CVE-2022-49551

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: isp1760: Fix out-of-bounds array access

Running the driver through kasan gives an interesting splat:

BUG: KASAN: global-out-of-bounds in isp1760_register+0x180/0x70c
Read of size 20 at addr f1db2e64 by task swapper/0/1
(…)
isp1760_register from isp1760_plat_probe+0x1d8/0x220
(…)

This happens because the loop reading the regmap fields for the
different ISP1760 variants look like this:

for (i = 0; i < HC_FIELD_MAX; i++) { … }

Meaning it expects the arrays to be at least HC_FIELD_MAX – 1 long.

However the arrays isp1760_hc_reg_fields[], isp1763_hc_reg_fields[],
isp1763_hc_volatile_ranges[] and isp1763_dc_volatile_ranges[] are
dynamically sized during compilation.

Fix this by putting an empty assignment to the [HC_FIELD_MAX]
and [DC_FIELD_MAX] array member at the end of each array.
This will make the array one member longer than it needs to be,
but avoids the risk of overwriting whatever is inside
[HC_FIELD_MAX – 1] and is simple and intuitive to read. Also
add comments explaining what is going on.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

Linux

Products

Linux

References

Canonical

CVE-2022-49551 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-49551)

Miscellaneous

https://git.kernel.org/stable/c/bf2558bbdce3ab1d6bcba09f354914e4515d0a2b

https://git.kernel.org/stable/c/47d39cb57e8669e507d17d9e0d067d2b3e3a87ae

https://git.kernel.org/stable/c/463bddd3ff1acf4036ddb80c34a715eb99debf46

https://git.kernel.org/stable/c/26ae2c942b5702f2e43d36b2a4389cfb7d616b6a

Rapid7

Unknown

CVE-2022-49551

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2022-49551

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2022-49551

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2022-49551

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification