fkie_cve-2022-49301
Vulnerability from fkie_nvd
Published
2025-02-26 07:01
Modified
2025-04-14 20:08
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in usb_read8() and friends When r8712_usbctrl_vendorreq() returns negative, 'data' in usb_read{8,16,32} will not be initialized. BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline] BUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725 string_nocheck lib/vsprintf.c:643 [inline] string+0x4ec/0x6f0 lib/vsprintf.c:725 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806 va_format lib/vsprintf.c:1704 [inline] pointer+0x18e6/0x1f70 lib/vsprintf.c:2443 vsnprintf+0x1a9b/0x3650 lib/vsprintf.c:2810 vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158 vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256 dev_vprintk_emit+0x5ef/0x6d0 drivers/base/core.c:4604 dev_printk_emit+0x1dd/0x21f drivers/base/core.c:4615 __dev_printk+0x3be/0x440 drivers/base/core.c:4627 _dev_info+0x1ea/0x22f drivers/base/core.c:4673 r871xu_drv_init+0x1929/0x3070 drivers/staging/rtl8712/usb_intf.c:401 usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396 really_probe+0x6c7/0x1350 drivers/base/dd.c:621 __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752 driver_probe_device drivers/base/dd.c:782 [inline] __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899 bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427 __device_attach+0x593/0x8e0 drivers/base/dd.c:970 device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017 bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487 device_add+0x1fff/0x26e0 drivers/base/core.c:3405 usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238 usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293 really_probe+0x6c7/0x1350 drivers/base/dd.c:621 __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752 driver_probe_device drivers/base/dd.c:782 [inline] __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899 bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427 __device_attach+0x593/0x8e0 drivers/base/dd.c:970 device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017 bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487 device_add+0x1fff/0x26e0 drivers/base/core.c:3405 usb_new_device+0x1b91/0x2950 drivers/usb/core/hub.c:2566 hub_port_connect drivers/usb/core/hub.c:5363 [inline] hub_port_connect_change drivers/usb/core/hub.c:5507 [inline] port_event drivers/usb/core/hub.c:5665 [inline] hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5747 process_one_work+0xdb6/0x1820 kernel/workqueue.c:2289 worker_thread+0x10d0/0x2240 kernel/workqueue.c:2436 kthread+0x3c7/0x500 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 Local variable data created at: usb_read8+0x5d/0x130 drivers/staging/rtl8712/usb_ops.c:33 r8712_read8+0xa5/0xd0 drivers/staging/rtl8712/rtl8712_io.c:29 KMSAN: uninit-value in r871xu_drv_init https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/33ef21d55418ab6a62a63fd550b2dbe297433372Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/58762f1c63c75cbe1dc393eed3c9cf8e38310ca1Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/95b0f54f8a898072a2810c05fab34d971f23a612Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d1b57669732d09da7e13ef86d058dab0cd57f6e0Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d7ed3c85da0b230bcdf5329acfe012ed093f3daaPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/de075af8c404f7d59ed34df230aedd9f645fb846Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1C86ABC-337F-46B3-BCD8-22DC5A66E45A",
              "versionEndExcluding": "5.4.198",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B42AA01-44D8-4572-95E6-FF8E374CF9C5",
              "versionEndExcluding": "5.10.122",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC042EE3-4864-4325-BE0B-4BCDBF11AA61",
              "versionEndExcluding": "5.15.47",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53E7AA2E-2FB4-45CA-A22B-08B4EDBB51AD",
              "versionEndExcluding": "5.17.15",
              "versionStartIncluding": "5.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6D643C-6D6A-4821-8A8D-B5776B8F0103",
              "versionEndExcluding": "5.18.4",
              "versionStartIncluding": "5.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8712: fix uninit-value in usb_read8() and friends\n\nWhen r8712_usbctrl_vendorreq() returns negative, \u0027data\u0027 in\nusb_read{8,16,32} will not be initialized.\n\nBUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:643 [inline]\nBUG: KMSAN: uninit-value in string+0x4ec/0x6f0 lib/vsprintf.c:725\n string_nocheck lib/vsprintf.c:643 [inline]\n string+0x4ec/0x6f0 lib/vsprintf.c:725\n vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806\n va_format lib/vsprintf.c:1704 [inline]\n pointer+0x18e6/0x1f70 lib/vsprintf.c:2443\n vsnprintf+0x1a9b/0x3650 lib/vsprintf.c:2810\n vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158\n vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256\n dev_vprintk_emit+0x5ef/0x6d0 drivers/base/core.c:4604\n dev_printk_emit+0x1dd/0x21f drivers/base/core.c:4615\n __dev_printk+0x3be/0x440 drivers/base/core.c:4627\n _dev_info+0x1ea/0x22f drivers/base/core.c:4673\n r871xu_drv_init+0x1929/0x3070 drivers/staging/rtl8712/usb_intf.c:401\n usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396\n really_probe+0x6c7/0x1350 drivers/base/dd.c:621\n __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752\n driver_probe_device drivers/base/dd.c:782 [inline]\n __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899\n bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427\n __device_attach+0x593/0x8e0 drivers/base/dd.c:970\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017\n bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487\n device_add+0x1fff/0x26e0 drivers/base/core.c:3405\n usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170\n usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238\n usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293\n really_probe+0x6c7/0x1350 drivers/base/dd.c:621\n __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752\n driver_probe_device drivers/base/dd.c:782 [inline]\n __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899\n bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427\n __device_attach+0x593/0x8e0 drivers/base/dd.c:970\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017\n bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487\n device_add+0x1fff/0x26e0 drivers/base/core.c:3405\n usb_new_device+0x1b91/0x2950 drivers/usb/core/hub.c:2566\n hub_port_connect drivers/usb/core/hub.c:5363 [inline]\n hub_port_connect_change drivers/usb/core/hub.c:5507 [inline]\n port_event drivers/usb/core/hub.c:5665 [inline]\n hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5747\n process_one_work+0xdb6/0x1820 kernel/workqueue.c:2289\n worker_thread+0x10d0/0x2240 kernel/workqueue.c:2436\n kthread+0x3c7/0x500 kernel/kthread.c:376\n ret_from_fork+0x1f/0x30\n\nLocal variable data created at:\n usb_read8+0x5d/0x130 drivers/staging/rtl8712/usb_ops.c:33\n r8712_read8+0xa5/0xd0 drivers/staging/rtl8712/rtl8712_io.c:29\n\nKMSAN: uninit-value in r871xu_drv_init\nhttps://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: rtl8712: se corrige un valor no inicializado en usb_read8() y similares. Cuando r8712_usbctrl_vendorreq() devuelve un valor negativo, no se inicializar\u00e1n los \u0027datos\u0027 en usb_read{8,16,32}. ERROR: KMSAN: valor no inicializado en string_nocheck lib/vsprintf.c:643 [en l\u00ednea] ERROR: KMSAN: valor no inicializado en string+0x4ec/0x6f0 lib/vsprintf.c:725 string_nocheck lib/vsprintf.c:643 [en l\u00ednea] string+0x4ec/0x6f0 lib/vsprintf.c:725 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806 va_format lib/vsprintf.c:1704 [en l\u00ednea] pointer+0x18e6/0x1f70 lib/vsprintf.c:2443 vsnprintf+0x1a9b/0x3650 lib/vsprintf.c:2810 vprintk_store+0x537/0x2150 kernel/printk/printk.c:2158 vprintk_emit+0x28b/0xab0 kernel/printk/printk.c:2256 dev_vprintk_emit+0x5ef/0x6d0 drivers/base/core.c:4604 dev_printk_emit+0x1dd/0x21f drivers/base/core.c:4615 __dev_printk+0x3be/0x440 drivers/base/core.c:4627 _dev_info+0x1ea/0x22f drivers/base/core.c:4673 r871xu_drv_init+0x1929/0x3070 drivers/staging/rtl8712/usb_intf.c:401 usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396 really_probe+0x6c7/0x1350 drivers/base/dd.c:621 __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752 driver_probe_device drivers/base/dd.c:782 [en l\u00ednea] __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899 bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427 __device_attach+0x593/0x8e0 drivers/base/dd.c:970 device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017 bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487 device_add+0x1fff/0x26e0 drivers/base/core.c:3405 usb_set_configuration+0x37e9/0x3ed0 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0x13c/0x300 drivers/usb/core/generic.c:238 usb_probe_device+0x309/0x570 drivers/usb/core/driver.c:293 really_probe+0x6c7/0x1350 drivers/base/dd.c:621 __driver_probe_device+0x3e9/0x530 drivers/base/dd.c:752 driver_probe_device drivers/base/dd.c:782 [en l\u00ednea] __device_attach_driver+0x79f/0x1120 drivers/base/dd.c:899 bus_for_each_drv+0x2d6/0x3f0 drivers/base/bus.c:427 __device_attach+0x593/0x8e0 drivers/base/dd.c:970 device_initial_probe+0x4a/0x60 drivers/base/dd.c:1017 bus_probe_device+0x17b/0x3e0 drivers/base/bus.c:487 device_add+0x1fff/0x26e0 drivers/base/core.c:3405 usb_new_device+0x1b91/0x2950 drivers/usb/core/hub.c:2566 hub_port_connect drivers/usb/core/hub.c:5363 [en l\u00ednea] hub_port_connect_change drivers/usb/core/hub.c:5507 [en l\u00ednea] port_event drivers/usb/core/hub.c:5665 [en l\u00ednea] hub_event+0x58e3/0x89e0 drivers/usb/core/hub.c:5747 process_one_work+0xdb6/0x1820 kernel/workqueue.c:2289 worker_thread+0x10d0/0x2240 kernel/workqueue.c:2436 kthread+0x3c7/0x500 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 Datos de la variable local creados en: usb_read8+0x5d/0x130 drivers/staging/rtl8712/usb_ops.c:33 r8712_read8+0xa5/0xd0 drivers/staging/rtl8712/rtl8712_io.c:29 KMSAN: valor no inicializado en r871xu_drv_init https://syzkaller.appspot.com/bug?id=3cd92b1d85428b128503bfa7a250294c9ae00bd8"
    }
  ],
  "id": "CVE-2022-49301",
  "lastModified": "2025-04-14T20:08:57.483",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-02-26T07:01:06.923",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/33ef21d55418ab6a62a63fd550b2dbe297433372"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/58762f1c63c75cbe1dc393eed3c9cf8e38310ca1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/95b0f54f8a898072a2810c05fab34d971f23a612"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/d1b57669732d09da7e13ef86d058dab0cd57f6e0"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/d7ed3c85da0b230bcdf5329acfe012ed093f3daa"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/de075af8c404f7d59ed34df230aedd9f645fb846"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-908"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.