| Vulnerability Name: | CVE-2022-2964 (CCN-235652) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2022-03-21 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Published: | 2022-03-21 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Updated: | 2023-01-20 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Summary: | A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-119 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-2964 Source: CCN Type: Red Hat Bugzilla - Bug 2067482 (CVE-2022-2964) - CVE-2022-2964 kernel: memory corruption in AX88179_178A based USB ethernet device Source: secalert@redhat.com Type: Issue Tracking, Patch, Third Party Advisory secalert@redhat.com Source: XF Type: UNKNOWN linux-kernel-cve20222964-code-exec(235652) Source: CCN Type: Linux Kernel GIT Repository net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup Source: secalert@redhat.com Type: Third Party Advisory secalert@redhat.com Source: CCN Type: IBM Security Bulletin 6958146 (Cloud Pak for Watson AIOps) Multiple Vulnerabilities in CloudPak for Watson AIOPs Source: CCN Type: IBM Security Bulletin 6960473 (Data Risk Manager) IBM Data Risk Manager is affected by multiple vulnerabilities Source: CCN Type: IBM Security Bulletin 6960747 (Spectrum Copy Data Management) Vulnerabilities in Linux Kernel might affect IBM Spectrum Copy Data Management (CVE-2022-2964, CVE-2022-2601, CVE-2020-36557) Source: CCN Type: IBM Security Bulletin 6963936 (Spectrum Protect Plus) Vulnerabilities in Linux Kernel may affect IBM Spectrum Protect Plus Source: CCN Type: IBM Security Bulletin 6967333 (QRadar SIEM) IBM QRadar SIEM includes components with known vulnerabilities | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||