Fixed
Created: Dec 31, 2025
Updated: Jan 6, 2026
Resolved Date: Dec 31, 2025
Found In Version: 10.22.33.2
Fix Version: 10.22.33.3
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:
usb: musb: Fix musb_gadget.c rxstate overflow bug
The usb function device call musb_gadget_queue() adds the passed
request to musb_ep::req_list,If the (request->length > musb_ep->packet_sz)
and (is_buffer_mapped(req) return false),the rxstate() will copy all data
in fifo to request->buf which may cause request->buf out of bounds.
Fix it by add the length check :
fifocnt = min_t(unsigned, request->length - request->actual, fifocnt);
