UBUNTU-CVE-2022-3903

Description

An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.

CVSS Metrics

• v3.1•MEDIUM•Score: 4.6CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Systems

• ubuntu•linux

  all | < 4.4.0-239.273 | < 4.15.0-209.220 | < 5.4.0-147.164 | < 5.15.0-57.63

• ubuntu•linux-aws

  < 4.4.0-1117.123 | < 4.4.0-1155.170 | < 4.15.0-1154.167 | < 5.4.0-1100.108 | < 5.15.0-1027.31

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  all

• ubuntu•linux-aws-5.13

  all

• ubuntu•linux-aws-5.15

  < 5.15.0-1027.31~20.04.1

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1100.108~18.04.1

• ubuntu•linux-aws-5.8

  all

• ubuntu•linux-aws-fips

  < 4.15.0-2093.99 | all | < 5.4.0-1100.108+fips1

• ubuntu•linux-aws-hwe

  < 4.15.0-1154.167~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1163.178~14.04.1 | < 4.15.0-1163.178~16.04.1 | all | < 5.4.0-1106.112 | < 5.15.0-1030.37

• ubuntu•linux-azure-4.15

  < 4.15.0-1163.178

• ubuntu•linux-azure-5.11

  all

• ubuntu•linux-azure-5.13

  all

• ubuntu•linux-azure-5.15

  < 5.15.0-1030.37~20.04.1

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1106.112~18.04.1

• ubuntu•linux-azure-5.8

  all

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fde

  < 5.15.0-1030.37.1

• ubuntu•linux-azure-fips

  < 4.15.0-2072.78 | all | < 5.4.0-1106.112+fips1

• ubuntu•linux-bluefield

  < 5.4.0-1062.68 | all

• ubuntu•linux-dell300x

  < 4.15.0-1063.68

• ubuntu•linux-fips

  < 4.4.0-1088.95 | all | < 4.15.0-1109.120 | < 5.4.0-1075.84

• ubuntu•linux-gcp

  < 4.15.0-1148.164~16.04.1 | all | < 5.4.0-1103.112 | < 5.15.0-1026.33

• ubuntu•linux-gcp-4.15

  < 4.15.0-1148.164

• ubuntu•linux-gcp-5.11

  all

• ubuntu•linux-gcp-5.13

  all

• ubuntu•linux-gcp-5.15

  < 5.15.0-1027.34~20.04.1

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1103.112~18.04.1

• ubuntu•linux-gcp-5.8

  all

• ubuntu•linux-gcp-fips

  < 4.15.0-2056.61 | all | < 5.4.0-1103.112+fips1

• ubuntu•linux-gke

  < 5.4.0-1097.104 | < 5.15.0-1024.29

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.15

  < 5.15.0-1027.32~20.04.1

• ubuntu•linux-gke-5.4

  all

• ubuntu•linux-gkeop

  < 5.4.0-1067.71 | < 5.15.0-1012.16

• ubuntu•linux-gkeop-5.15

  < 5.15.0-1012.16~20.04.1

• ubuntu•linux-gkeop-5.4

  all

• ubuntu•linux-hwe

  < 4.15.0-209.220~16.04.1 | all

• ubuntu•linux-hwe-5.11

  all

• ubuntu•linux-hwe-5.13

  all

• ubuntu•linux-hwe-5.15

  < 5.15.0-57.63~20.04.1

• ubuntu•linux-hwe-5.4

  < 5.4.0-147.164~18.04.1

• ubuntu•linux-hwe-5.8

  all

• ubuntu•linux-hwe-edge

  all | all

• ubuntu•linux-ibm

  < 5.4.0-1047.52 | < 5.15.0-1022.25

• ubuntu•linux-ibm-5.4

  < 5.4.0-1047.52~18.04.1

Showing first 50 affected entries in server-rendered view.

References (12)

• https://ubuntu.com/security/CVE-2022-3903
• https://ubuntu.com/security/notices/USN-6001-1
• https://ubuntu.com/security/notices/USN-6013-1
• https://ubuntu.com/security/notices/USN-6014-1
• https://ubuntu.com/security/notices/USN-6027-1
• https://ubuntu.com/security/notices/USN-6029-1
• https://ubuntu.com/security/notices/USN-6030-1
• https://ubuntu.com/security/notices/USN-6031-1
• https://ubuntu.com/security/notices/USN-6093-1
• https://ubuntu.com/security/notices/USN-6222-1
• https://ubuntu.com/security/notices/USN-6256-1
• https://www.cve.org/CVERecord?id=CVE-2022-3903