{"vulnerability": "CVE-2022-25375", "sightings": [{"uuid": "749e640c-12e5-44e9-952b-b9f77ab99ad1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25375", "type": "seen", "source": "https://t.me/cibsecurity/37852", "content": "\u203c CVE-2022-25375 \u203c\n\nAn issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-20T22:40:40.000000Z"}, {"uuid": "01727859-b92d-4b82-95c2-260c654d217a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25375", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1514", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-25375 - Demo exploit of RNDIS USB Gadget\nURL\uff1ahttps://github.com/szymonh/rndis-co", "creation_timestamp": "2022-02-20T20:01:12.000000Z"}, {"uuid": "60caef5b-a293-4202-8804-97e11b993ab0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25375", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1750", "content": "#exploit\n1. CVE-2022-25375:\nDemo exploit of RNDIS USB Gadget\nhttps://github.com/szymonh/rndis-co\n\n2. CVE-2022-24112:\nApache APISIX apisix/batch-requests RCE\nhttps://github.com/Mr-xn/CVE-2022-24112\n]-> https://github.com/shakeman8/CVE-2022-24112\n\n@BlueRedTeam", "creation_timestamp": "2022-02-23T05:20:26.000000Z"}, {"uuid": "473dbc48-5fb0-4e71-b885-cc7086308e6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25375", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5476", "content": "#exploit\n1. CVE-2022-25375:\nDemo exploit of RNDIS USB Gadget\nhttps://github.com/szymonh/rndis-co\n\n2. Cross-site information leak - Leaking cross-origin redirect destination URI due to CORS (iOS)\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=1230444", "creation_timestamp": "2022-03-21T08:42:48.000000Z"}]}