VDB
DEBIAN-CVE-2022-50876
DEBIAN-CVE-2022-50876
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix musb_gadget.c rxstate overflow bug The usb function device call musb_gadget_queue() adds the passed request to musb_ep::req_list,If the (request->length > musb_ep->packet_sz) and (is_buffer_mapped(req) return false),the rxstate() will copy all data in fifo to request->buf which may cause request->buf out of bounds. Fix it by add the length check : fifocnt = min_t(unsigned, request->length - request->actual, fifocnt);
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux | *, 0, 5.10.140-1 |
| Debian:12 | linux | 0, 0, 0 |
| Debian:14 | linux | 0, 0, 0 |
| Debian:13 | linux | 0, 0, 0 |
Timeline
- Dec 30, 2025 CVE Published
- Apr 28, 2026 CVE Updated