We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-37810

usb: dwc3: gadget: check that event count does not exceed event buffer length



Description

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3_GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check that event count does not exceed event buffer length, avoiding an out-of-bounds access when memcpy'ing the event. Crash log: Unable to handle kernel paging request at virtual address ffffffc0129be000 pc : __memcpy+0x114/0x180 lr : dwc3_check_event_buf+0xec/0x348 x3 : 0000000000000030 x2 : 000000000000dfc4 x1 : ffffffc0129be000 x0 : ffffff87aad60080 Call trace: __memcpy+0x114/0x180 dwc3_interrupt+0x24/0x34

Reserved 2025-04-16 | Published 2025-05-08 | Updated 2025-05-08 | Assigner Linux

Product status

Default status
unaffected

72246da40f3719af3bfd104a2365b32537c27d83 before 015c39f38e69a491d2abd5e98869a500a9459b3b
affected

72246da40f3719af3bfd104a2365b32537c27d83 before b43225948b231b3f331194010f84512bee4d9f59
affected

72246da40f3719af3bfd104a2365b32537c27d83 before c0079630f268843a25ed75226169cba40e0d8880
affected

72246da40f3719af3bfd104a2365b32537c27d83 before a44547015287a19001384fe94dbff84c92ce4ee1
affected

72246da40f3719af3bfd104a2365b32537c27d83 before c4d80e41cb42008dceb35e5dbf52574d93beac0d
affected

72246da40f3719af3bfd104a2365b32537c27d83 before 52a7c9d930b95aa8b1620edaba4818040c32631f
affected

72246da40f3719af3bfd104a2365b32537c27d83 before 99d655119b870ee60e4dbf310aa9a1ed8d9ede3d
affected

72246da40f3719af3bfd104a2365b32537c27d83 before 63ccd26cd1f6600421795f6ca3e625076be06c9f
affected

Default status
affected

3.2
affected

Any version before 3.2
unaffected

5.4.293
unaffected

5.10.237
unaffected

5.15.181
unaffected

6.1.136
unaffected

6.6.89
unaffected

6.12.26
unaffected

6.14.5
unaffected

6.15-rc4
unaffected

References

git.kernel.org/...c/015c39f38e69a491d2abd5e98869a500a9459b3b

git.kernel.org/...c/b43225948b231b3f331194010f84512bee4d9f59

git.kernel.org/...c/c0079630f268843a25ed75226169cba40e0d8880

git.kernel.org/...c/a44547015287a19001384fe94dbff84c92ce4ee1

git.kernel.org/...c/c4d80e41cb42008dceb35e5dbf52574d93beac0d

git.kernel.org/...c/52a7c9d930b95aa8b1620edaba4818040c32631f

git.kernel.org/...c/99d655119b870ee60e4dbf310aa9a1ed8d9ede3d

git.kernel.org/...c/63ccd26cd1f6600421795f6ca3e625076be06c9f

cve.org (CVE-2025-37810)

nvd.nist.gov (CVE-2025-37810)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-37810

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.