CVE-2022-50876
Buffer Overflow in Linux musb_gadget USB Driver Fixed
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow bug in the Linux kernel's USB function device driver musb_gadget. Specifically, in the musb_gadget_queue() function, if a request's length is greater than the endpoint's packet size and the buffer is not mapped, the rxstate() function copies all data from the FIFO to the request buffer without proper length checks, potentially causing an out-of-bounds write. The fix involved adding a length check to limit the amount of data copied to the buffer.
How can this vulnerability impact me? :
This vulnerability can lead to a buffer overflow in the USB gadget driver, which may cause memory corruption. This could potentially be exploited to crash the system or execute arbitrary code with kernel privileges, impacting system stability and security.