VDB

DEBIAN-CVE-2022-50876

DEBIAN-CVE-2022-50876 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix musb_gadget.c rxstate overflow bug The usb function device call musb_gadget_queue() adds the passed request to musb_ep::req_list,If the (request->length > musb_ep->packet_sz) and (is_buffer_mapped(req) return false),the rxstate() will copy all data in fifo to request->buf which may cause request->buf out of bounds. Fix it by add the length check : fifocnt = min_t(unsigned, request->length - request->actual, fifocnt);

Affected Products

VendorProductVersions
Debian:11linux*, 0, 5.10.140-1
Debian:12linux0, 0, 0
Debian:14linux0, 0, 0
Debian:13linux0, 0, 0

Timeline

  • Dec 30, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›