{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3903", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T01:20:58.816Z", "dateReserved": "2022-11-08T00:00:00", "datePublished": "2022-11-14T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-11-14T00:00:00"}, "descriptions": [{"lang": "en", "value": "An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system."}], "affected": [{"vendor": "n/a", "product": "Kernel", "versions": [{"version": "Linux kernel 6.1-rc5", "status": "affected"}]}], "references": [{"url": "https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA%40mail.gmail.com/"}, {"url": "https://lore.kernel.org/all/E1obysd-009Grw-He%40www.linuxtv.org/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-843", "cweId": "CWE-843"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:58.816Z"}, "title": "CVE Program Container", "references": [{"url": "https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA%40mail.gmail.com/", "tags": ["x_transferred"]}, {"url": "https://lore.kernel.org/all/E1obysd-009Grw-He%40www.linuxtv.org/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc5:*:*:*:*:*:*", "matchCriteriaId": "35B26BE4-43A6-4A36-A7F6-5B3F572D9186", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de solicitud de lectura incorrecta en el controlador USB del transceptor de infrarrojos en el kernel de Linux. Este problema ocurre cuando un usuario conecta un dispositivo USB malicioso. Un usuario local podr\u00eda utilizar esta falla para agotar los recursos, provocando denegaci\u00f3n de servicio o potencialmente fallando el sistema."}], "id": "CVE-2022-3903", "lastModified": "2024-11-21T07:20:30.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-11-14T21:15:17.637", "references": [{"source": "[email protected]", "url": "https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA%40mail.gmail.com/"}, {"source": "[email protected]", "url": "https://lore.kernel.org/all/E1obysd-009Grw-He%40www.linuxtv.org/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA%40mail.gmail.com/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lore.kernel.org/all/E1obysd-009Grw-He%40www.linuxtv.org/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "[email protected]", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Yiru Xu and Yuheng Shen for reporting this issue.", "bugzilla": {"description": "kernel: An invalid pipe direction in the mceusb driver cause the kernel to DOS", "id": "2140985", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140985"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.6", "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-843", "details": ["An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.", "An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent the mceusb module from being loaded. Please see https://access.redhat.com/solutions/41278 for information about how to blacklist a kernel module to prevent it from loading automatically."}, "name": "CVE-2022-3903", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-08-11T09:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3903\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3903\nhttps://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA@mail.gmail.com/\nhttps://lore.kernel.org/all/[email protected]/"], "threat_severity": "Low", "upstream_fix": "Linux kernel 6.1-rc5"}