{"id":"CVE-2022-23467","summary":"Out of Bounds Read in OpenRazer Driver","details":"OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device, an attacker can leak stack addresses of the `razer_attr_read_dpi_stages` function, potentially bypassing KASLR. To exploit this vulnerability, an attacker would need access to a user's keyboard or mouse, or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices.","aliases":["GHSA-39hg-jvc9-fg7h"],"modified":"2026-04-29T04:04:55.834806Z","published":"2022-12-05T19:22:30.988Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23467.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-125"]},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00032.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23467.json"},{"type":"ADVISORY","url":"https://github.com/openrazer/openrazer/security/advisories/GHSA-39hg-jvc9-fg7h"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23467"},{"type":"FIX","url":"https://github.com/openrazer/openrazer/commit/33aa7f07d54ae066f201c6d298cb4a2181cb90e6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openrazer/openrazer","events":[{"introduced":"0"},{"fixed":"7bc9da7edf17af89ef8b65e436d73efe9a9ec139"}]}],"versions":["v1.0.0","v1.0.10","v1.0.11","v1.0.12","v1.0.13","v1.0.17","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.0.7","v1.0.7-2","v1.0.8","v1.0.9","v1.1.10","v1.1.11","v1.1.12","v1.1.13","v1.1.14","v1.1.15","v1.1.16","v1.1.3","v1.1.5","v1.1.6","v1.1.7","v1.1.8","v1.1.9","v2.0.0","v2.1","v2.1.1","v2.2.0","v2.2.1","v2.2.2","v2.3.0","v2.3.1","v2.4.0","v2.5.0","v2.6.0","v2.7.0","v2.8.0","v2.9.0","v3.0.
0","v3.0.1","v3.1.0","v3.2.0","v3.3.0","v3.4.0","v3.5.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23467.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L"}]}