CVE-2025-37810
Published: May 8, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3_GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check that event count does not exceed event buffer length, avoiding an out-of-bounds access when memcpy'ing the event. Crash log: Unable to handle kernel paging request at virtual address ffffffc0129be000 pc : __memcpy+0x114/0x180 lr : dwc3_check_event_buf+0xec/0x348 x3 : 0000000000000030 x2 : 000000000000dfc4 x1 : ffffffc0129be000 x0 : ffffff87aad60080 Call trace: __memcpy+0x114/0x180 dwc3_interrupt+0x24/0x34
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 72246da40f3719af3bfd104a2365b32537c27d83 - < 015c39f38e69a491d2abd5e98869a500a9459b3baffected 72246da40f3719af3bfd104a2365b32537c27d83 - < b43225948b231b3f331194010f84512bee4d9f59affected 72246da40f3719af3bfd104a2365b32537c27d83 - < c0079630f268843a25ed75226169cba40e0d8880affected 72246da40f3719af3bfd104a2365b32537c27d83 - < a44547015287a19001384fe94dbff84c92ce4ee1affected 72246da40f3719af3bfd104a2365b32537c27d83 - < c4d80e41cb42008dceb35e5dbf52574d93beac0d+3 more versions |
Linux | Linux | affected 3.2unaffected 0 - < 3.2unaffected 5.4.293 - <= 5.4.*unaffected 5.10.237 - <= 5.10.*unaffected 5.15.181 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now