CVE-2022-50156 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: HID: cp2112: prevent a buffer overflow in cp2112_xfer() Smatch warnings: drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'data->block[1]' too small (33 vs 255) drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'buf' too small (64 vs 255) The 'read_length' variable is provided by 'data->block[0]' which comes from user and it(read_length) can take a value between 0-255. Add an upper bound to 'read_length' variable to prevent a buffer overflow in memcpy().

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/26e427ac85c2b8d0d108cc80b6de34d33e2780c4
https://git.kernel.org/stable/c/381583845d19cb4bd21c8193449385f3fefa9caf
https://git.kernel.org/stable/c/3af7d60e9a6c17d6d41c4341f8020511887d372d
https://git.kernel.org/stable/c/519ff31a6ddd87aa4905bd9bf3b92e8b88801614
https://git.kernel.org/stable/c/8489a20ac481b08c0391608d81ed3796d373cfdf
https://git.kernel.org/stable/c/e7028944e61014ae915e7fb74963d3835f2f761a
https://git.kernel.org/stable/c/ebda3d6b004bb6127a66a616524a2de152302ca7
https://lore.kernel.org/linux-cve-announce/2025061824-CVE-2022-50156-3e2e@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-50156
https://www.cve.org/CVERecord?id=CVE-2022-50156

History

Fri, 20 Jun 2025 14:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025061824-CVE-2022-50156-3e2e@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-50156 https://www.cve.org/CVERecord?id=CVE-2022-50156
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Wed, 18 Jun 2025 11:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: HID: cp2112: prevent a buffer overflow in cp2112_xfer() Smatch warnings: drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'data->block[1]' too small (33 vs 255) drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'buf' too small (64 vs 255) The 'read_length' variable is provided by 'data->block[0]' which comes from user and it(read_length) can take a value between 0-255. Add an upper bound to 'read_length' variable to prevent a buffer overflow in memcpy().
Title		HID: cp2112: prevent a buffer overflow in cp2112_xfer()
References		https://git.kernel.org/stable/c/26e427ac85c2b8d0d108cc80b6de34d33e2780c4 https://git.kernel.org/stable/c/381583845d19cb4bd21c8193449385f3fefa9caf https://git.kernel.org/stable/c/3af7d60e9a6c17d6d41c4341f8020511887d372d https://git.kernel.org/stable/c/519ff31a6ddd87aa4905bd9bf3b92e8b88801614 https://git.kernel.org/stable/c/8489a20ac481b08c0391608d81ed3796d373cfdf https://git.kernel.org/stable/c/e7028944e61014ae915e7fb74963d3835f2f761a https://git.kernel.org/stable/c/ebda3d6b004bb6127a66a616524a2de152302ca7

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-06-18T11:03:13.913Z

Updated: 2025-06-18T11:03:13.913Z

Reserved: 2025-06-18T10:57:27.425Z

Link: CVE-2022-50156

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-06-18T11:15:45.747

Modified: 2025-06-18T13:47:40.833

Link: CVE-2022-50156

Redhat

Severity : Moderate

Publid Date: 2025-06-18T00:00:00Z

Links: CVE-2022-50156 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object