CVE-2022-41850

2022-09-3000:00:00

ubuntu.com

cve-2022-41850

hid-roccat

race condition

use-after-free

linux kernel

CVSS3

4.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through
5.19.12 has a race condition and resultant use-after-free in certain
situations where a report is received while copying a report->value is in
progress.

Notes

Author	Note
sbeattie	requires a malicious roccat device to exploit, reduced priority to low.
rodrigo-zaiden	USN-5975-1 first publication included esm/xenial linux-gcp version 4.15.0-1146.162~16.04.1 by mistake, please refer to USN-6007-1.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-204.215UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-139.156UNKNOWN
ubuntu22.04noarchlinux< 5.15.0-60.66UNKNOWN
ubuntu22.10noarchlinux< 5.19.0-28.29UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-239.273UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1150.163UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1096.104UNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1030.34UNKNOWN
ubuntu22.10noarchlinux-aws< 5.19.0-1016.17UNKNOWN
ubuntu14.04noarchlinux-aws< 4.4.0-1117.123UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< 4.15.0-204.215	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-139.156	UNKNOWN
ubuntu	22.04	noarch	linux	< 5.15.0-60.66	UNKNOWN
ubuntu	22.10	noarch	linux	< 5.19.0-28.29	UNKNOWN
ubuntu	16.04	noarch	linux	< 4.4.0-239.273	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< 4.15.0-1150.163	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1096.104	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1030.34	UNKNOWN
ubuntu	22.10	noarch	linux-aws	< 5.19.0-1016.17	UNKNOWN
ubuntu	14.04	noarch	linux-aws	< 4.4.0-1117.123	UNKNOWN