CVE-2022-23467 - OpenCVE

OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the `razer_attr_read_dpi_stages`, potentially bypassing KASLR. To exploit this vulnerability an attacker would need to access to a users keyboard or mouse or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices.

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Openrazer Project	Openrazer

Configuration 1 [-]

cpe:2.3:a:openrazer_project:openrazer:*:*:*:*:*:linux:*:*

References

Link	Resource
https://github.com/openrazer/openrazer/commit/33aa7f07d54ae066f201c6d298cb4a2181cb90e6	Patch Third Party Advisory
https://github.com/openrazer/openrazer/security/advisories/GHSA-39hg-jvc9-fg7h	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-12-05T19:22:30.988Z

Updated:

Reserved: 2022-01-19T21:23:53.756Z

Link: CVE-2022-23467

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-12-05T20:15:10.133

Modified: 2022-12-06T20:34:49.993

Link: CVE-2022-23467

JSON object: View

Redhat Information

No data.

CWE

CWE-125

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2022-23467", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "requesterUserId": "c184a3d9-dc98-4c48-a45b-d2d88cf0ac74", "dateReserved": "2022-01-19T21:23:53.756Z", "datePublished": "2022-12-05T19:22:30.988Z"}, "containers": {"cna": {"title": "Out of Bounds Read in OpenRazer Driver", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/openrazer/openrazer/security/advisories/GHSA-39hg-jvc9-fg7h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openrazer/openrazer/security/advisories/GHSA-39hg-jvc9-fg7h"}, {"name": "https://github.com/openrazer/openrazer/commit/33aa7f07d54ae066f201c6d298cb4a2181cb90e6", "tags": ["x_refsource_MISC"], "url": "https://github.com/openrazer/openrazer/commit/33aa7f07d54ae066f201c6d298cb4a2181cb90e6"}], "affected": [{"vendor": "openrazer", "product": "openrazer", "versions": [{"version": "< 3.5.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-12-05T19:22:30.988Z"}, "descriptions": [{"lang": "en", "value": "OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the `razer_attr_read_dpi_stages`, potentially bypassing KASLR. To exploit this vulnerability an attacker would need to access to a users keyboard or mouse or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices."}], "source": {"advisory": "GHSA-39hg-jvc9-fg7h", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openrazer_project:openrazer:*:*:*:*:*:linux:*:*", "matchCriteriaId": "6DC7A7BD-6A98-4B2B-98BE-5BDD21768F26", "versionEndExcluding": "3.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the `razer_attr_read_dpi_stages`, potentially bypassing KASLR. To exploit this vulnerability an attacker would need to access to a users keyboard or mouse or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices."}, {"lang": "es", "value": "OpenRazer es un controlador de c\u00f3digo abierto y un demonio de espacio de usuario para controlar la iluminaci\u00f3n del dispositivo Razer y otras funciones en GNU/Linux. Al utilizar un dispositivo USB modificado, un atacante puede filtrar las direcciones de pila de `razer_attr_read_dpi_stages`, evitando potencialmente KASLR. Para explotar esta vulnerabilidad, un atacante necesitar\u00eda acceder al teclado o al mouse de un usuario o necesitar\u00eda convencer a un usuario para que use un dispositivo modificado. El problema se solucion\u00f3 en la versi\u00f3n 3.5.1. Se recomienda a los usuarios que actualicen y se les debe recordar que no conecten dispositivos USB desconocidos."}], "id": "CVE-2022-23467", "lastModified": "2022-12-06T20:34:49.993", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 3.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-12-05T20:15:10.133", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openrazer/openrazer/commit/33aa7f07d54ae066f201c6d298cb4a2181cb90e6"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/openrazer/openrazer/security/advisories/GHSA-39hg-jvc9-fg7h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Primary"}]}