February 22, 2022
Severity
Medium
Analysis Summary
CVE-2022-25375
The Linux kernel could allow a local authenticated attacker to obtain sensitive information because the RNDIS USB gadget in drivers/usb/gadget/function/rndis.c does not properly validate the size of the RNDIS_MSG_SET command. By sending specially crafted RNDIS requests, an attacker could exploit this vulnerability to obtain sensitive information from kernel space memory and use that information to launch further attacks against the affected system.
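The class of size check that is missing here can be shown in user-space C. This is an added example, not code from the advisory or from the kernel: it validates the length and offset fields of a SET message against the bytes actually received before the payload is touched. The function name `rndis_set_validate` is hypothetical, the seven-field 32-bit little-endian header layout is assumed from the RNDIS message format, and requiring the payload to start after the header is a strictness choice made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RNDIS_MSG_SET 0x00000005u /* SET message type */
#define SET_HDR_LEN   28u         /* seven 32-bit header fields */
#define OFFSET_BASE   8u          /* InformationBufferOffset counts from RequestID */

/* Read a little-endian 32-bit field without alignment assumptions. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate a received SET message of len bytes. Returns 0 and points
 * *info / *info_len at the payload, or -1 if any declared field would
 * reach outside the bytes actually received. */
int rndis_set_validate(const uint8_t *msg, size_t len,
                       const uint8_t **info, uint32_t *info_len)
{
    if (msg == NULL || len < SET_HDR_LEN || le32(msg) != RNDIS_MSG_SET)
        return -1;
    uint32_t msg_len = le32(msg + 4);  /* MessageLength */
    uint32_t buf_len = le32(msg + 16); /* InformationBufferLength */
    uint32_t buf_off = le32(msg + 20); /* InformationBufferOffset */

    /* The declared message length must fit in what was received. */
    if (msg_len < SET_HDR_LEN || msg_len > len)
        return -1;
    /* Compare in 64-bit so offset + length cannot wrap around. */
    uint64_t start = (uint64_t)buf_off + OFFSET_BASE;
    if (start < SET_HDR_LEN || start + buf_len > msg_len)
        return -1;

    *info = msg + start;
    *info_len = buf_len;
    return 0;
}

int main(void)
{
    /* Constructed sample: 28-byte message whose header claims a 4096-byte payload. */
    uint8_t bad[28] = {5,0,0,0, 28,0,0,0, 1,0,0,0, 0,0,0,0, 0,0x10,0,0, 20,0,0,0, 0,0,0,0};
    const uint8_t *info; uint32_t n;
    printf("%s\n", rndis_set_validate(bad, sizeof bad, &info, &n) ? "rejected" : "accepted");
    return 0;
}
```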
Impact
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2022-25375
Affected Vendors
- Linux
Affected Products
- Linux Kernel 5.16
Remediation
Upgrade to the latest version of the Linux kernel, available from the Linux kernel Git repository.