Description

In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.

Related CPE's

o

linux

linux_kernel

6

a

netapp

hci_baseboard_management_controller

5

o

debian

debian_linux

10.0

Vulnerable

References

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b870e73a56c4cccbec33224233eaf295839f228c

https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

Mailing ListThird Party Advisory

https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich%40gmail.com/

https://security.netapp.com/advisory/ntap-20230302-0003/

PatchThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-190

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-13T01:15:10.300

2 years ago

Last modified

2024-03-25T01:15:53.327

1 year ago