CVE-2022-48837

7.8 HIGH

📋 TL;DR

CVE-2022-48837 is an integer overflow vulnerability in the Linux kernel's RNDIS USB gadget driver. If exploited, it could allow local attackers to cause a kernel panic (denial of service) or potentially execute arbitrary code with kernel privileges. Systems using USB gadget functionality with the RNDIS protocol are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Versions before the fix commits listed in references
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if USB gadget functionality with RNDIS protocol is enabled/used.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation to kernel-level code execution leading to complete system compromise.

🟠 Likely Case: Kernel panic causing denial of service (system crash).

🟢 If Mitigated: No impact if USB gadget functionality is disabled or RNDIS is not used.

🌐 Internet-Facing: LOW - Requires local access to USB gadget interface.
🏢 Internal Only: MEDIUM - Local attackers with USB gadget access could exploit.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to interact with USB gadget interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing the fix commits from references

Vendor Advisory: https://git.kernel.org/stable/c/65f3324f4b6fed78b8761c3b74615ecf0ffa81fa

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version.
2. Reboot system.
3. Verify kernel version is updated.

🔧 Temporary Workarounds

Disable USB gadget RNDIS (Linux)

Disable RNDIS USB gadget functionality if not required:

modprobe -r g_ether
echo 'blacklist g_ether' >> /etc/modprobe.d/blacklist.conf

🧯 If You Can't Patch

  • Disable USB gadget functionality entirely if not needed
  • Restrict physical/local access to systems using USB gadget features

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if USB gadget modules are loaded: lsmod | grep g_ether

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check for presence of fix commits
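The module and blacklist checks above can be combined into one triage function. This is an added example, not part of the original advisory or the kernel project; `g_ether` comes from this page, while `usb_f_rndis` (the RNDIS function module used by composite/configfs gadgets) is an assumption added here, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: classify a host's RNDIS gadget exposure from lsmod output
# and modprobe.d contents. g_ether is the module named on this page;
# usb_f_rndis is an assumption added here (configfs/composite RNDIS function).
RNDIS_MODULES="g_ether usb_f_rndis"

# Print each RNDIS-related module present in lsmod-format text on stdin.
loaded_rndis_modules() {
    awk -v want="$RNDIS_MODULES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) mods[w[i]] = 1 }
        ($1 in mods) { print $1 }'
}

# Exit 0 if modprobe.d-format text on stdin has an active "blacklist <module>".
is_blacklisted() {
    awk -v m="$1" '$1 == "blacklist" && $2 == m { found = 1 }
                   END { exit !found }'
}

# $1 = lsmod text, $2 = concatenated modprobe.d text; prints one verdict line.
rndis_exposure() {
    loaded=$(printf '%s\n' "$1" | loaded_rndis_modules | tr '\n' ' ')
    if [ -n "$loaded" ]; then
        echo "EXPOSED: loaded ${loaded% }"
    elif printf '%s\n' "$2" | is_blacklisted g_ether; then
        echo "NOT LOADED: g_ether is blacklisted"
    else
        echo "NOT LOADED: g_ether is not blacklisted and may be loaded later"
    fi
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_LSMOD='Module                  Size  Used by
g_ether                16384  0
usb_f_rndis            32768  2 g_ether
u_ether                28672  2 g_ether,usb_f_rndis
libcomposite           65536  2 g_ether,usb_f_rndis'
SAMPLE_CONF='# constructed modprobe.d content
blacklist g_ether'

rndis_exposure "$SAMPLE_LSMOD" "$SAMPLE_CONF"
# On a live host:
#   rndis_exposure "$(lsmod)" "$(cat /etc/modprobe.d/*.conf 2>/dev/null)"
```

An EXPOSED verdict alongside a blacklist entry means the module is still resident: the `modprobe -r` step did not take effect or the module was loaded again afterwards.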

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • USB gadget error messages in dmesg

Network Indicators:

  • Unusual USB gadget activity if monitored

SIEM Query:

source="kernel" AND ("panic" OR "oops") AND "usb"

🔗 References
