fkie_cve-2025-37810
Vulnerability from fkie_nvd
Published
2025-05-08 07:15
Modified
2025-05-08 14:39
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: gadget: check that event count does not exceed event buffer length
The event count is read from register DWC3_GEVNTCOUNT.
There is a check for the count being zero, but not for exceeding the
event buffer length.
Check that event count does not exceed event buffer length,
avoiding an out-of-bounds access when memcpy'ing the event.
Crash log:
Unable to handle kernel paging request at virtual address ffffffc0129be000
pc : __memcpy+0x114/0x180
lr : dwc3_check_event_buf+0xec/0x348
x3 : 0000000000000030 x2 : 000000000000dfc4
x1 : ffffffc0129be000 x0 : ffffff87aad60080
Call trace:
__memcpy+0x114/0x180
dwc3_interrupt+0x24/0x34
References
Impacted products
Vendor | Product | Version |
---|
{ "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: gadget: check that event count does not exceed event buffer length\n\nThe event count is read from register DWC3_GEVNTCOUNT.\nThere is a check for the count being zero, but not for exceeding the\nevent buffer length.\nCheck that event count does not exceed event buffer length,\navoiding an out-of-bounds access when memcpy\u0027ing the event.\nCrash log:\nUnable to handle kernel paging request at virtual address ffffffc0129be000\npc : __memcpy+0x114/0x180\nlr : dwc3_check_event_buf+0xec/0x348\nx3 : 0000000000000030 x2 : 000000000000dfc4\nx1 : ffffffc0129be000 x0 : ffffff87aad60080\nCall trace:\n__memcpy+0x114/0x180\ndwc3_interrupt+0x24/0x34" }, { "lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: dwc3: gadget: comprobar que el recuento de eventos no supere la longitud del b\u00fafer de eventos. El recuento de eventos se lee del registro DWC3_GEVNTCOUNT. Se comprueba que el recuento sea cero, pero no que supere la longitud del b\u00fafer de eventos. Se comprueba que el recuento de eventos no supere la longitud del b\u00fafer de eventos, lo que evita un acceso fuera de los l\u00edmites al copiar el evento a memoria. Registro de fallos: No se puede gestionar la solicitud de paginaci\u00f3n del n\u00facleo en la direcci\u00f3n virtual ffffffc0129be000 pc : __memcpy+0x114/0x180 lr : dwc3_check_event_buf+0xec/0x348 x3 : 0000000000000030 x2 : 000000000000dfc4 x1 : ffffffc0129be000 x0 : ffffff87aad60080 Rastreo de llamadas: __memcpy+0x114/0x180 dwc3_interrupt+0x24/0x34" } ], "id": "CVE-2025-37810", "lastModified": "2025-05-08T14:39:09.683", "metrics": {}, "published": "2025-05-08T07:15:52.197", "references": [ { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/015c39f38e69a491d2abd5e98869a500a9459b3b" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/52a7c9d930b95aa8b1620edaba4818040c32631f" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/63ccd26cd1f6600421795f6ca3e625076be06c9f" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/99d655119b870ee60e4dbf310aa9a1ed8d9ede3d" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a44547015287a19001384fe94dbff84c92ce4ee1" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b43225948b231b3f331194010f84512bee4d9f59" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c0079630f268843a25ed75226169cba40e0d8880" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c4d80e41cb42008dceb35e5dbf52574d93beac0d" } ], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…