What is the severity of CVE-2022-27223?

CVE-2022-27223 is considered a potential security vulnerability due to an endpoint index being unvalidated.

How do I fix CVE-2022-27223?

To fix CVE-2022-27223, it is recommended to upgrade to Linux kernel version 5.16.12 or a later version.

What systems are affected by CVE-2022-27223?

CVE-2022-27223 affects various versions of the Linux kernel prior to 5.16.12.

Is CVE-2022-27223 exploitable remotely?

Yes, CVE-2022-27223 can potentially be exploited by attackers with host access.

What impact does CVE-2022-27223 have on system security?

CVE-2022-27223 can lead to out-of-array access, which could compromise system integrity and availability.

Vulnerability/
CVE-2022-27223

high

8.8

CWE

129

15/3/2022

21/11/2024

CVE-2022-27223: Out-of-bounds Read

First published: Tue Mar 15 2022(Updated: )

In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Linux Kernel	>=3.18<4.9.304
Linux Kernel	>=4.10<4.14.269
Linux Kernel	>=4.15<4.19.232
Linux Kernel	>=4.20<5.4.182
Linux Kernel	>=5.5<5.10.103
Linux Kernel	>=5.11<5.15.26
Linux Kernel	>=5.16<5.16.12
NetApp Active IQ Unified Manager
All of
NetApp H500e Firmware
NetApp H500e Firmware
All of
NetApp H700S
NetApp H700S
All of
NetApp H300E
NetApp H300E Firmware
All of
NetApp H500S Firmware
NetApp H500e Firmware
All of
NetApp H700E
NetApp H700E
All of
NetApp H410S
NetApp H410S Firmware
All of
NetApp H300S Firmware
NetApp H300S Firmware
Debian Linux	=9.0
Linux Kernel	<5.16.12
NetApp H500e Firmware
NetApp H500e Firmware
NetApp H700S
NetApp H700S
NetApp H300E
NetApp H300E Firmware
NetApp H500S Firmware
NetApp H500e Firmware
NetApp H700E
NetApp H700E
NetApp H410S
NetApp H410S Firmware
NetApp H300S Firmware
NetApp H300S Firmware
debian/linux		5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1

Remedy

https://github.com/torvalds/linux/commit/7f14c7227f342d9932f9b918893c8814f86d2a0d

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-27223?
CVE-2022-27223 is considered a potential security vulnerability due to an endpoint index being unvalidated.
How do I fix CVE-2022-27223?
To fix CVE-2022-27223, it is recommended to upgrade to Linux kernel version 5.16.12 or a later version.
What systems are affected by CVE-2022-27223?
CVE-2022-27223 affects various versions of the Linux kernel prior to 5.16.12.
Is CVE-2022-27223 exploitable remotely?
Yes, CVE-2022-27223 can potentially be exploited by attackers with host access.
What impact does CVE-2022-27223 have on system security?
CVE-2022-27223 can lead to out-of-array access, which could compromise system integrity and availability.

agent/type
collector/launchpad-cve
source/Launchpad
agent/weakness
agent/severity
agent/author
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/trending
agent/source
collector/usn-cve
source/Ubuntu
agent/description
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-cve
collector/nvd-index
agent/tags
agent/softwarecombine
collector/security-tracker-debian
source/Debian
vendor/linux
canonical/linux kernel
version/linux kernel/3.18
version/linux kernel/4.10
version/linux kernel/4.15
version/linux kernel/4.20
version/linux kernel/5.5
version/linux kernel/5.11
version/linux kernel/5.16
vendor/netapp
canonical/netapp active iq unified manager
canonical/netapp h500e firmware
canonical/netapp h700s
canonical/netapp h300e
canonical/netapp h300e firmware
canonical/netapp h500s firmware
canonical/netapp h700e
canonical/netapp h410s
canonical/netapp h410s firmware
canonical/netapp h300s firmware
vendor/debian
canonical/debian linux
version/debian linux/9.0
package-manager/debian