CVE-2022-48805: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-48805 is a security vulnerability in the Linux kernel's ax88179rxfixup() function affecting the ASIX AX88179_178A USB 3.0/2.0 to gigabit ethernet adapter driver. The vulnerability was disclosed on July 16, 2024, and involves multiple out-of-bounds accesses that can be triggered by a malicious or defective USB device (NVD).

The vulnerability exists in the ax88179rxfixup() function and contains several out-of-bounds access issues: 1) The metadata array (hdroff..hdroff+2*pkt_cnt) can be out of bounds, causing OOB reads and OOB endianness flips on big-endian systems, 2) A packet can overlap the metadata array, causing a later OOB endianness flip to corrupt data used by a cloned SKB already handed off into the network stack, 3) A packet SKB can be constructed whose tail is far beyond its end, causing out-of-bounds heap data to be considered part of the SKB's data (Kernel Git).

The vulnerability can be exploited by a malicious USB device to send a bogus ICMPv6 Echo Request and receive an ICMPv6 Echo Reply in response that contains random kernel heap data. Additionally, there is potential for out-of-bounds writes on little-endian systems through IP options processing, though this hasn't been fully verified (Kernel Git).

The vulnerability has been fixed in the Linux kernel through a patch that implements proper bounds checking and packet handling in the ax88179rxfixup() function. The fix includes validation of metadata array bounds, prevention of packet overlap with metadata arrays, and proper SKB data handling (Kernel Git).