SB20251230193 - Out-of-bounds read in Linux kernel usb musb driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2022-50876)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rxstate() function in drivers/usb/musb/musb_gadget.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/3c84c7f592c4ba38f54ddaddd0115acc443025db
• https://git.kernel.org/stable/c/523313881f0aa5cbbdb548ce575b6e58b202bd76
• https://git.kernel.org/stable/c/7c80f3a918ba9aa26fb699ee887064ec3af0396a
• https://git.kernel.org/stable/c/826f84ab04a5cafe484ea9c2c85a3930068e5cb7
• https://git.kernel.org/stable/c/a1008c8b9f357691ce6a8fdb8f157aecb2d79167
• https://git.kernel.org/stable/c/a9ccd2ab1becf5dcb6d57e9fcd981f5eaa606c96
• https://git.kernel.org/stable/c/acf0006f2b2b2ca672988875fd154429aafb2a9b
• https://git.kernel.org/stable/c/d6afcab1b48f4051211c50145b9e91be3b1b42c9
• https://git.kernel.org/stable/c/eea4c860c3b366369eff0489d94ee4f0571d467d
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.296
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.262
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.331
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.150
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.75
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.17
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.220
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1