How severe is CVE-2022-23467?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2022-23467?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2022-23467 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the `razer_attr_read_dpi_stages`, potentially bypassing KASLR. To exploit this vulnerability an attacker would need to access to a users keyboard or mouse or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices.

Related Vulnerabilities

CVE-2018-14780

MEDIUM

CVSS:4.6(Medium)

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw =...

CWE-1252018

CVE-2018-19985

MEDIUM

CVSS:4.6(Medium)

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-o...

CWE-1252018

CVE-2021-1897

MEDIUM

CVSS:4.6(Medium)

Possible Buffer Over-read due to lack of validation of boundary checks when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Sna...

CWE-1252021

CVE-2021-1898

MEDIUM

CVSS:4.6(Medium)

Possible buffer over-read due to incorrect overflow check when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Weara...

CWE-1252021

CVE-2021-1899

MEDIUM

CVSS:4.6(Medium)

Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CWE-1252021

CVE-2021-1901

MEDIUM

CVSS:4.6(Medium)

Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearable...

CWE-1252021