CVE-2022-50876
Published: Dec 30, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix musb_gadget.c rxstate overflow bug The usb function device call musb_gadget_queue() adds the passed request to musb_ep::req_list,If the (request->length > musb_ep->packet_sz) and (is_buffer_mapped(req) return false),the rxstate() will copy all data in fifo to request->buf which may cause request->buf out of bounds. Fix it by add the length check : fifocnt = min_t(unsigned, request->length - request->actual, fifocnt);
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 03840fad004ce8a56bc8b3bb60a2df10f6f9481e - < 826f84ab04a5cafe484ea9c2c85a3930068e5cb7affected 03840fad004ce8a56bc8b3bb60a2df10f6f9481e - < a1008c8b9f357691ce6a8fdb8f157aecb2d79167affected 03840fad004ce8a56bc8b3bb60a2df10f6f9481e - < 7c80f3a918ba9aa26fb699ee887064ec3af0396aaffected 03840fad004ce8a56bc8b3bb60a2df10f6f9481e - < d6afcab1b48f4051211c50145b9e91be3b1b42c9affected 03840fad004ce8a56bc8b3bb60a2df10f6f9481e - < acf0006f2b2b2ca672988875fd154429aafb2a9b+4 more versions |
Linux | Linux | affected 4.3unaffected 0 - < 4.3unaffected 4.9.331 - <= 4.9.*unaffected 4.14.296 - <= 4.14.*unaffected 4.19.262 - <= 4.19.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now