Launchpad.net

CVE 2022-25258

An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.

Related bugs and status

CVE-2022-25258 (Candidate) is related to these bugs:

Bug #1971205: CVE-2022-25258 and CVE-2022-25375

		In	Importance	Status
1971205	CVE-2022-25258 and CVE-2022-25375	linux-azure-5.13 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-aws (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-aws-5.4 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-azure (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-azure-4.15 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-azure-5.4 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-bluefield (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-dell300x (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-gcp (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-gcp-4.15 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-gcp-5.4 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-gke (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-gke-5.4 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-gkeop (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-gkeop-5.4 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-hwe-5.13 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-hwe-5.4 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-ibm (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-kvm (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-oracle (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-oracle-5.4 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-raspi (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-raspi-5.4 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-raspi2 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-riscv (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-gcp-5.13 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-ibm-5.4 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-oracle-5.13 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-aws-5.13 (Ubuntu)	Undecided	Fix Released
1971205	CVE-2022-25258 and CVE-2022-25375	linux-snapdragon (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2022-25258

Related bugs and status

Related bugs

References