CVE-2022-50876 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

usb: musb: Fix musb_gadget.c rxstate overflow bug

The usb function device call musb_gadget_queue() adds the passed
request to musb_ep::req_list,If the (request->length > musb_ep->packet_sz)
and (is_buffer_mapped(req) return false),the rxstate() will copy all data
in fifo to request->buf which may cause request->buf out of bounds.

Fix it by add the length check :
fifocnt = min_t(unsigned, request->length - request->actual, fifocnt);

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/3c84c7f592c4ba38f54ddaddd0115acc443025db
https://git.kernel.org/stable/c/523313881f0aa5cbbdb548ce575b6e58b202bd76
https://git.kernel.org/stable/c/7c80f3a918ba9aa26fb699ee887064ec3af0396a
https://git.kernel.org/stable/c/826f84ab04a5cafe484ea9c2c85a3930068e5cb7
https://git.kernel.org/stable/c/a1008c8b9f357691ce6a8fdb8f157aecb2d79167
https://git.kernel.org/stable/c/a9ccd2ab1becf5dcb6d57e9fcd981f5eaa606c96
https://git.kernel.org/stable/c/acf0006f2b2b2ca672988875fd154429aafb2a9b
https://git.kernel.org/stable/c/d6afcab1b48f4051211c50145b9e91be3b1b42c9
https://git.kernel.org/stable/c/eea4c860c3b366369eff0489d94ee4f0571d467d

History

Tue, 30 Dec 2025 12:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix musb_gadget.c rxstate overflow bug The usb function device call musb_gadget_queue() adds the passed request to musb_ep::req_list,If the (request->length > musb_ep->packet_sz) and (is_buffer_mapped(req) return false),the rxstate() will copy all data in fifo to request->buf which may cause request->buf out of bounds. Fix it by add the length check : fifocnt = min_t(unsigned, request->length - request->actual, fifocnt);
Title		usb: musb: Fix musb_gadget.c rxstate overflow bug
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/3c84c7f592c4ba38f54ddaddd0115acc443025db https://git.kernel.org/stable/c/523313881f0aa5cbbdb548ce575b6e58b202bd76 https://git.kernel.org/stable/c/7c80f3a918ba9aa26fb699ee887064ec3af0396a https://git.kernel.org/stable/c/826f84ab04a5cafe484ea9c2c85a3930068e5cb7 https://git.kernel.org/stable/c/a1008c8b9f357691ce6a8fdb8f157aecb2d79167 https://git.kernel.org/stable/c/a9ccd2ab1becf5dcb6d57e9fcd981f5eaa606c96 https://git.kernel.org/stable/c/acf0006f2b2b2ca672988875fd154429aafb2a9b https://git.kernel.org/stable/c/d6afcab1b48f4051211c50145b9e91be3b1b42c9 https://git.kernel.org/stable/c/eea4c860c3b366369eff0489d94ee4f0571d467d

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-30T12:23:16.790Z

Updated: 2025-12-30T12:23:16.790Z

Reserved: 2025-12-30T12:06:07.137Z

Link: CVE-2022-50876

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-30T13:16:02.610

Modified: 2025-12-30T13:16:02.610

Link: CVE-2022-50876

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Metrics

Affected Vendors & Products

Projects

Metrics

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object