Linux Kernel DWC3 Gadget Event Buffer Out-of-Bounds Access Vulnerability

Vulnerability

A vulnerability in the Linux kernel's DWC3 USB gadget driver allows for out-of-bounds memory access. The issue arises because the event count, read from the DWC3_GEVNTCOUNT register, is not properly validated against the event buffer length. This oversight can lead to memory corruption when the event count exceeds the buffer length, causing a kernel crash. The vulnerability has been addressed by implementing a check to ensure the event count does not surpass the event buffer length, thereby preventing the out-of-bounds access during memory copy operations.

Impact

Exploitation of this vulnerability can lead to a kernel crash, indicating a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel DWC3 Gadget Event Buffer Out-of-Bounds Access Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating