CVE-2022-23467
low-risk
Published 2022-12-05
OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the `razer_attr_read_dpi_stages`, potentially bypassing KASLR. To exploit this vulnerability an attacker would need to access to a users keyboard or mouse or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices.
Do I need to act?
-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.4/10
Medium
PHYSICAL
/ HIGH complexity
Affected Products (1)
Openrazer
Affected Vendors
References (5)
16
/ 100
low-risk
Severity
11/34 · Low
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal