Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is caused by an out-of-bounds operation in the xudc ep enable handler of the udc-xilinx.ko module in the Linux kernel. This can allow an attacker to write to unauthorized memory areas when a Xilinx USB peripheral controller device is connected. The xudc ep enable function calls xudc ep enable, which reads the bEndpointAddress field of the device descriptor. If the bEndpointAddress is greater than 8 but less than 16, the ep->epnumber value will be greater than 8, exceeding the size of the rambase array. As a result, data may be sent to unauthorized memory locations in the xudc dma send function, which uses ep->rambase to determine the data write address.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.