Main Vulnerability Database Exploits ID:7529 - Exploit for Exposure of Resource to Wrong Sphere in Linux kernel - CVE-2022-25375

ID:7529 - Exploit for Exposure of Resource to Wrong Sphere in Linux kernel - CVE-2022-25375

Published: March 23, 2022

Vulnerability identifier: #VU61269

Vulnerability risk: Low

CVE-ID: CVE-2022-25375

CWE-ID: CWE-668

Exploitation vector: Local access

Vulnerable software:
Linux kernel

Link to public exploit:

https://github.com/szymonh/rndis-co

Vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper access restrictions in drivers/usb/gadget/function/rndis.c in the Linux kernel. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. A local user can run a specially crafted program to gain access to kernel memory.

Remediation

Install updates from vendor's website.

ID:7529 - Exploit for Exposure of Resource to Wrong Sphere in Linux kernel - CVE-2022-25375

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human