Linux Kernel HID CP2112 Buffer Overflow Vulnerability

Vulnerability

A buffer overflow vulnerability has been identified in the Linux kernel's HID CP2112 driver. The issue arises in the 'cp2112_xfer()' function, where the 'read_length' variable, sourced from user input, can take values between 0 and 255. This variable is used to determine the length of data to be read, but without proper validation, it can lead to a buffer overflow when the length exceeds the allocated buffer size. The vulnerability has been addressed by adding an upper limit to the 'read_length' variable, ensuring it does not exceed the buffer capacity.

Impact

Exploitation of this vulnerability could lead to a buffer overflow, potentially allowing for arbitrary code execution or causing a denial-of-service condition.

Added: Jun 18, 2025, 3:25 PM

Updated: Jun 18, 2025, 3:25 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel HID CP2112 Buffer Overflow Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating