search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2022-48926 - b011f740 #5150

Closed witchcraze closed 1 week ago

witchcraze commented 1 week ago

[CVE Configuration Update Request] Update Suggestion - CVE-2022-48926 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2022-48926 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2022-48926.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2022-48926.json

- CVE-2022-48926
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14.0 up to (excluding) 4.14.269
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.0 up to (excluding) 4.19.232
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.9.0 up to (excluding) 4.9.304
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.103
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15.26
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16.0 up to (excluding) 5.16.12
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.17.0 up to (excluding) 5.17
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.182
- Reference
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.269
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.232
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.9.304
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.103
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15.26
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.16.12
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.17
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.182
- Reference (Commit)
  - usb: gadget: rndis: add spinlock for rndis response list
    - Fixed by
      - 4.14.269 (669c2b178956718407af5631ccbc61c24413f038)
      - 4.19.232 (9f688aadede6b862a0a898792b1a35421c93636f)
      - 4.9.304 (9f5d8ba538ef81cd86ea587ca3f8c77e26bea405)
      - 5.10.103 (4ce247af3f30078d5b97554f1ae6200a0222c15a)
      - 5.15.26 (da514063440b53a27309a4528b726f92c3cfe56f)
      - 5.16.12 (33222d1571d7ce8c1c75f6b488f38968fa93d2d9)
      - 5.17 (aaaba1c86d04dac8e49bf508b492f81506257da3) (upstream)
      - 5.4.182 (9ab652d41deab49848673c3dadb57ad338485376)
    - Will be introduced by
      - https://github.com/torvalds/linux/commit/f6281af9d62e
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2022-48926 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel 4.10 4.14.269
cpe:/o:linux:linux_kernel 4.15 4.19.232
cpe:/o:linux:linux_kernel 4.20 5.4.182
cpe:/o:linux:linux_kernel 4.6 4.9.304
cpe:/o:linux:linux_kernel 5.11 5.15.26
cpe:/o:linux:linux_kernel 5.16 5.16.12
cpe:/o:linux:linux_kernel 5.5 5.10.103
witchcraze commented 1 week ago

ok