PT-2025-54112 · Linux · Linux Kernel

Published

2022-09-22

Updated

2026-02-24

CVE-2022-50876

CVSS v2.0

2.7

Low

Vector

AV:A/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the USB function device call musb gadget queue() within the musb gadget.c file. When a request's length exceeds the endpoint packet size and is buffer mapped(req) returns false, the rxstate() function may copy all data in the FIFO to the request buffer, potentially causing an out-of-bounds write. The issue occurs when adding a request to musb ep::req list. A length check has been added to mitigate this.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2026-01324

CVE-2022-50876

SUSE-SU-2026:0263-1

SUSE-SU-2026:0317-1

SUSE-SU-2026:0350-1

SUSE-SU-2026:0369-1

SUSE-SU-2026:0411-1

SUSE-SU-2026:0617-1

Affected Products

Linux Kernel

PT-2025-54112 · Linux · Linux Kernel

CVE-2022-50876

Weakness Enumeration

Related Identifiers

Affected Products

References · 995