A possible kernel memory information disclosure was discovered in drivers/usb/gadget/function/rndis.c. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. References: http://www.openwall.com/lists/oss-security/2022/02/21/1
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2059924]
This was fixed for Fedora with the 5.16.10 stable kernel updates.
Upstream commit: https://github.com/torvalds/linux/commit/38ea1eac7d88072bbffb630e2b3db83ca649b826