CVE-2022-48866

Name	CVE-2022-48866
Description	In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts Syzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug. The root case is in missing validation check of actual number of endpoints. Code should not blindly access usb_host_interface::endpoint array, since it may contain less endpoints than code expects. Fix it by adding missing validaion check and print an error if number of endpoints do not match expected number
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	jessie, jessie (lts)	3.16.84-1	vulnerable
	stretch (security)	4.9.320-2	vulnerable
	stretch (lts), stretch	4.9.320-3	vulnerable
	buster (security), buster, buster (lts)	4.19.316-1	vulnerable
	bullseye (security), bullseye	5.10.223-1	fixed
	bookworm	6.1.106-3	fixed
	bookworm (security)	6.1.99-1	fixed
	trixie	6.10.6-1	fixed
	sid	6.10.7-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency
linux	source	jessie	(unfixed)	end-of-life
linux	source	stretch	(unfixed)	end-of-life
linux	source	buster	(unfixed)	end-of-life
linux	source	bullseye	(not affected)
linux	source	(unstable)	5.16.18-1

[bullseye] - linux <not-affected> (Vulnerable code not present)
https://git.kernel.org/linus/fc3ef2e3297b3c0e2006b5d7b3d66965e3392036 (5.17-rc8)