CVE-2022-29023: 
NixOS vulnerability analysis and mitigation

A buffer overflow vulnerability exists in the razermouse driver of OpenRazer up to version v3.3.0. The vulnerability allows attackers to cause a Denial of Service (DoS) and potentially escalate their privileges via a crafted buffer sent to the matrixcustomframe device (NVD, CyberArk).

The vulnerability exists in the matrixcustomframe functionality that allows setting colors of keyboard rows. The issue occurs because there is no validation on the rowlength parameter which is calculated based on user-controlled startcol and stopcol values. This allows an attacker to trigger a buffer overflow by providing values that make rowlength exceed the 80-byte size limit of the arguments buffer in the razer_report structure (CyberArk). The vulnerability has a CVSS v3.1 score of 9.8 CRITICAL (NVD).

Successful exploitation of this vulnerability could allow an attacker to cause a Denial of Service condition by crashing the driver. On systems without FORTIFY_SOURCE protection enabled, the vulnerability could potentially be chained with an information leak to achieve kernel code execution and privilege escalation (CyberArk).

The vulnerability was patched in OpenRazer version 3.3.0 by adding checks before memcpy to prevent buffer overflow. Users should upgrade to version 3.3.0 or later to mitigate this vulnerability (CyberArk).