CVE-2022-49984 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report It is possible for a malicious device to forgo submitting a Feature Report. The HID Steam driver presently makes no prevision for this and de-references the 'struct hid_report' pointer obtained from the HID devices without first checking its validity. Let's change that.

Reserved 2025-06-18 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linux

Product status

Default status

unaffected

c164d6abf3841ffacfdb757c10616f9cb1f67276 before c20d03b82a2e3ddbb555dad4d4f3374a9763222c

affected

c164d6abf3841ffacfdb757c10616f9cb1f67276 before fa2b822d86be5b5ad54fe4fa2daca464e71ff90a

affected

c164d6abf3841ffacfdb757c10616f9cb1f67276 before dc815761948ab5b8c94db6cb53c95103588f16ae

affected

c164d6abf3841ffacfdb757c10616f9cb1f67276 before 989560b6d9e00d99e07bc33067fa1c770994bf4d

affected

c164d6abf3841ffacfdb757c10616f9cb1f67276 before dee1e51b54794e90763e70a3c78f27ba4fa930ec

affected

c164d6abf3841ffacfdb757c10616f9cb1f67276 before cd11d1a6114bd4bc6450ae59f6e110ec47362126

affected

Default status

affected

4.18

affected

Any version before 4.18

unaffected

4.19.257

unaffected

5.4.212

unaffected

5.10.141

unaffected

5.15.65

unaffected

5.19.7

unaffected

6.0

unaffected

References

git.kernel.org/...c/c20d03b82a2e3ddbb555dad4d4f3374a9763222c

git.kernel.org/...c/fa2b822d86be5b5ad54fe4fa2daca464e71ff90a

git.kernel.org/...c/dc815761948ab5b8c94db6cb53c95103588f16ae

git.kernel.org/...c/989560b6d9e00d99e07bc33067fa1c770994bf4d

git.kernel.org/...c/dee1e51b54794e90763e70a3c78f27ba4fa930ec

git.kernel.org/...c/cd11d1a6114bd4bc6450ae59f6e110ec47362126

cve.org (CVE-2022-49984)

nvd.nist.gov (CVE-2022-49984)

Download JSON