---

CVE-2022-25375 - log back

CVE-2022-25375 created at 25 May 2022 19:50:55
Severity	+ Medium
Remote	+ Unknown
Type	+ Information disclosure
Description	+ RNDIS USB gadget in drivers/usb/gadget/function/rndis.c lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
References	+ http://www.openwall.com/lists/oss-security/2022/02/21/1
Notes