{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-4662", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T01:48:39.476Z", "dateReserved": "2022-12-22T00:00:00", "datePublished": "2022-12-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-12-22T00:00:00"}, "descriptions": [{"lang": "en", "value": "A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system."}], "affected": [{"vendor": "n/a", "product": "Kernel", "versions": [{"version": "Linux kernel 6.0-rc4", "status": "affected"}]}], "references": [{"url": "https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA%40mail.gmail.com/"}, {"url": "https://lore.kernel.org/all/20220913140355.910732567%40linuxfoundation.org/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-455", "cweId": "CWE-455"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:48:39.476Z"}, "title": "CVE Program Container", "references": [{"url": "https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA%40mail.gmail.com/", "tags": ["x_transferred"]}, {"url": "https://lore.kernel.org/all/20220913140355.910732567%40linuxfoundation.org/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "87B81C9D-7173-4FFB-97BC-9C41AB20A53C", "versionEndExcluding": "6.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E8BD11A3-8643-49B6-BADE-5029A0117325", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "5F0AD220-F6A9-4012-8636-155F1B841FAD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "A46498B3-78E1-4623-AAE1-94D29A42BE4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en el control de acceso incorrecto en el subsistema central USB del kernel de Linux en la forma en que el usuario conecta el dispositivo USB. Un usuario local podr\u00eda utilizar este fallo para bloquear el sistema."}], "id": "CVE-2022-4662", "lastModified": "2023-11-07T03:58:30.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-22T22:15:16.940", "references": [{"source": "secalert@redhat.com", "url": "https://lore.kernel.org/all/20220913140355.910732567%40linuxfoundation.org/"}, {"source": "secalert@redhat.com", "url": "https://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA%40mail.gmail.com/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-455"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2736", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-477.10.1.rt7.274.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2951", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-477.10.1.el8_8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2458", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-284.11.1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}, {"advisory": "RHSA-2023:2148", "cpe": "cpe:/a:redhat:enterprise_linux:9::nfv", "package": "kernel-rt-0:5.14.0-284.11.1.rt14.296.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}, {"advisory": "RHSA-2023:2458", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-284.11.1.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "kernel: Recursive locking violation in usb-storage that can cause the kernel to deadlock", "id": "2155788", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155788"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-455", "details": ["A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.", "An incorrect access control flaw was found in the Linux kernel USB core subsystem. When attaching a malicious usb device, the recursive locking violation in usb-storage can cause the kernel to deadlock. This issue could allow a local user to crash the system."], "name": "CVE-2022-4662", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2022-09-13T09:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-4662\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4662\nhttps://lore.kernel.org/all/20220913140355.910732567@linuxfoundation.org/\nhttps://lore.kernel.org/all/CAB7eexLLApHJwZfMQ=X-PtRhw0BgO+5KcSMS05FNUYejJXqtSA@mail.gmail.com/"], "threat_severity": "Low", "upstream_fix": "Linux kernel 6.0-rc4"}