CVE-2022-49984

HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report

Description

In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report It is possible for a malicious device to forgo submitting a Feature Report. The HID Steam driver presently makes no prevision for this and de-references the 'struct hid_report' pointer obtained from the HID devices without first checking its validity. Let's change that.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/c20d03b82a2e3ddbb555dad4d4f3374a9763222c
https://git.kernel.org/stable/c/fa2b822d86be5b5ad54fe4fa2daca464e71ff90a
https://git.kernel.org/stable/c/dc815761948ab5b8c94db6cb53c95103588f16ae
https://git.kernel.org/stable/c/989560b6d9e00d99e07bc33067fa1c770994bf4d
https://git.kernel.org/stable/c/dee1e51b54794e90763e70a3c78f27ba4fa930ec
https://git.kernel.org/stable/c/cd11d1a6114bd4bc6450ae59f6e110ec47362126

Frequently Asked Questions

What is the severity of CVE-2022-49984?
CVE-2022-49984 has not yet been assigned a CVSS score.
How to fix CVE-2022-49984?
To fix CVE-2022-49984, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49984 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49984 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49984?
CVE-2022-49984 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.