Vulnerability Details : CVE-2022-21742

Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services.

Vulnerability category: Overflow

Published 2022-06-20 06:15:09

Updated 2022-07-05 20:40:11

Source TWCERT/CC

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2022-21742

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 11 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-21742

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
3.3	LOW	AV:A/AC:L/Au:N/C:N/I:N/A:P	6.5	2.9	[email protected]
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	[email protected]
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
6.2	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	2.5	3.6	[email protected]
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-21742

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Assigned by:
- [email protected] (Primary)
- [email protected] (Secondary)

References for CVE-2022-21742

https://www.twcert.org.tw/tw/cp-132-6057-1cd0d-1.html

Third Party Advisory

Products affected by CVE-2022-21742

Realtek » Rtl8156 Firmware
Versions from including (>=) 7.42 and up to, including, (<=) 7.53
cpe:2.3:o:realtek:rtl8156_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8156 » Version: N/A
Realtek » Rtl8156 Firmware
Versions from including (>=) 10.28 and before (<) 10.50
cpe:2.3:o:realtek:rtl8156_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8156 » Version: N/A
Realtek » Rtl8156 Firmware
Versions from including (>=) 8.49 and up to, including, (<=) 8.60
cpe:2.3:o:realtek:rtl8156_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8156 » Version: N/A
Realtek » Rtl8156b Firmware
Versions from including (>=) 8.49 and up to, including, (<=) 8.60
cpe:2.3:o:realtek:rtl8156b_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8156b » Version: N/A
Realtek » Rtl8156b Firmware
Versions from including (>=) 7.42 and up to, including, (<=) 7.53
cpe:2.3:o:realtek:rtl8156b_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8156b » Version: N/A
Realtek » Rtl8156b Firmware
Versions from including (>=) 10.28 and before (<) 10.50
cpe:2.3:o:realtek:rtl8156b_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8156b » Version: N/A
Realtek » Rtl8153 Firmware
Versions from including (>=) 10.28 and before (<) 10.50
cpe:2.3:o:realtek:rtl8153_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8153 » Version: N/A
Realtek » Rtl8153 Firmware
Versions from including (>=) 8.49 and up to, including, (<=) 8.60
cpe:2.3:o:realtek:rtl8153_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8153 » Version: N/A
Realtek » Rtl8153 Firmware
Versions from including (>=) 7.42 and up to, including, (<=) 7.53
cpe:2.3:o:realtek:rtl8153_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8153 » Version: N/A
Realtek » Rtl8153b Firmware
Versions from including (>=) 10.28 and before (<) 10.50
cpe:2.3:o:realtek:rtl8153b_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8153b » Version: N/A
Realtek » Rtl8153b Firmware
Versions from including (>=) 7.42 and up to, including, (<=) 7.53
cpe:2.3:o:realtek:rtl8153b_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8153b » Version: N/A
Realtek » Rtl8153b Firmware
Versions from including (>=) 8.49 and up to, including, (<=) 8.60
cpe:2.3:o:realtek:rtl8153b_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8153b » Version: N/A
Realtek » Rtl8154 Firmware
Versions from including (>=) 7.42 and up to, including, (<=) 7.53
cpe:2.3:o:realtek:rtl8154_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8154 » Version: N/A
Realtek » Rtl8154 Firmware
Versions from including (>=) 8.49 and up to, including, (<=) 8.60
cpe:2.3:o:realtek:rtl8154_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8154 » Version: N/A
Realtek » Rtl8154 Firmware
Versions from including (>=) 10.28 and before (<) 10.50
cpe:2.3:o:realtek:rtl8154_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8154 » Version: N/A
Realtek » Rtl8154b Firmware
Versions from including (>=) 7.42 and up to, including, (<=) 7.53
cpe:2.3:o:realtek:rtl8154b_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8154b » Version: N/A
Realtek » Rtl8154b Firmware
Versions from including (>=) 8.49 and up to, including, (<=) 8.60
cpe:2.3:o:realtek:rtl8154b_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8154b » Version: N/A
Realtek » Rtl8154b Firmware
Versions from including (>=) 10.28 and before (<) 10.50
cpe:2.3:o:realtek:rtl8154b_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8154b » Version: N/A
Realtek » Rtl8152b Firmware
Versions from including (>=) 8.49 and up to, including, (<=) 8.60
cpe:2.3:o:realtek:rtl8152b_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8152b » Version: N/A
Realtek » Rtl8152b Firmware
Versions from including (>=) 7.42 and up to, including, (<=) 7.53
cpe:2.3:o:realtek:rtl8152b_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8152b » Version: N/A
Realtek » Rtl8152b Firmware
Versions from including (>=) 10.28 and before (<) 10.50
cpe:2.3:o:realtek:rtl8152b_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Realtek » Rtl8152b » Version: N/A