CVE-2022-3903

2022-11-1400:00:00

ubuntu.com

cve-2022-3903

linux kernel

denial of service

usb device

resource starvation

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

22.1%

JSON

An incorrect read request flaw was found in the Infrared Transceiver USB
driver in the Linux kernel. This issue occurs when a user attaches a
malicious USB device. A local user could use this flaw to starve the
resources, causing denial of service or potentially crashing the system.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-209.220UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-147.164UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-57.63UNKNOWN
ubuntu22.10noarchlinux< 5.19.0-28.29UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-239.273UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1154.167UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1100.108UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1027.31UNKNOWN
ubuntu22.10noarchlinux-aws< 5.19.0-1016.17UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1117.123UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< 4.15.0-209.220	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-147.164	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-57.63	UNKNOWN
ubuntu	22.10	noarch	linux	< 5.19.0-28.29	UNKNOWN
ubuntu	16.04	noarch	linux	< 4.4.0-239.273	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< 4.15.0-1154.167	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1100.108	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1027.31	UNKNOWN
ubuntu	22.10	noarch	linux-aws	< 5.19.0-1016.17	UNKNOWN
ubuntu	14.04	noarch	linux-aws	< 4.4.0-1117.123	UNKNOWN