关键漏洞信息 漏洞ID: Bug 2067482 (CVE-2022-2964) 概要: kernel: memory corruption in AX88179_178A based USB ethernet device. 报告日期: 2022-03-23 21:10 UTC 修改日期: 2023-05-16 18:49 UTC 状态: CLOSED ERRATA 别名: CVE-2022-2964 产品: Security Response 组件: vulnerability 优先级: high 严重性: high 环境: All 操作系统: Linux 分配给: Red Hat Product Security 描述 描述: The linux kernels driver for the "ASIX AX88179_178A based USB 2.0/3.0 Gigabit Ethernet Devices" contains multiple out-of-bounds reads and possible writes in the ax88179_rx_fixup() function. 引用链接: - https://www.spinics.net/lists/stable/msg536418.html - Upstream commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581 更新记录 已在多个Red Hat Enterprise Linux版本中修复,包括: - RHSA-2023:0101, RHSA-2023:0114, RHSA-2023:0123, RHSA-2023:0300, RHSA-2023:0334, RHSA-2023:0348, RHSA-2023:0392, RHSA-2023:0395, RHSA-2023:0396, RHSA-2023:0399, RHSA-2023:0400, RHSA-2023:0404, RHSA-2023:0496, RHSA-2023:0512, RHSA-2023:0531, RHSA-2023:0536, RHSA-2023:0856, RHSA-2023:0858, RHSA-2023:1130, RHSA-2023:1192