CVE-2025-37810
HIGH EPSS 8.2%
Published May 8, 20251y ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
Published May 8, 2025 1y ago
Last Modified Jun 17, 2026 2w ago
Description
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3_GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check that event count does not exceed event buffer length, avoiding an out-of-bounds access when memcpy'ing the event. Crash log: Unable to handle kernel paging request at virtual address ffffffc0129be000 pc : __memcpy+0x114/0x180 lr : dwc3_check_event_buf+0xec/0x348 x3 : 0000000000000030 x2 : 000000000000dfc4 x1 : ffffffc0129be000 x0 : ffffff87aad60080 Call trace: __memcpy+0x114/0x180 dwc3_interrupt+0x24/0x34
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
8.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-787 Out-of-bounds Write Memory Safety
Affected Products 11
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥3.2 – <5.4.293 |
| linux | linux_kernel | * | ≥5.5 – <5.10.237 |
| linux | linux_kernel | * | ≥5.11 – <5.15.181 |
| linux | linux_kernel | * | ≥5.16 – <6.1.136 |
| linux | linux_kernel | * | ≥6.2 – <6.6.89 |
| linux | linux_kernel | * | ≥6.7 – <6.12.26 |
| linux | linux_kernel | * | ≥6.13 – <6.14.5 |
| linux | linux_kernel | 6.15 | any |
| linux | linux_kernel | 6.15 | any |
| linux | linux_kernel | 6.15 | any |
| debian | debian_linux | 11.0 | any |
References 10
- git.kernel.org https://git.kernel.org/stable/c/015c39f38e69a491d2abd5e98869a500a9459b3b
- git.kernel.org https://git.kernel.org/stable/c/52a7c9d930b95aa8b1620edaba4818040c32631f
- git.kernel.org https://git.kernel.org/stable/c/63ccd26cd1f6600421795f6ca3e625076be06c9f
- git.kernel.org https://git.kernel.org/stable/c/99d655119b870ee60e4dbf310aa9a1ed8d9ede3d
- git.kernel.org https://git.kernel.org/stable/c/a44547015287a19001384fe94dbff84c92ce4ee1
- git.kernel.org https://git.kernel.org/stable/c/b43225948b231b3f331194010f84512bee4d9f59
- git.kernel.org https://git.kernel.org/stable/c/c0079630f268843a25ed75226169cba40e0d8880
- git.kernel.org https://git.kernel.org/stable/c/c4d80e41cb42008dceb35e5dbf52574d93beac0d
- lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
Remediation
- git.kernel.org https://git.kernel.org/stable/c/015c39f38e69a491d2abd5e98869a500a9459b3b
- git.kernel.org https://git.kernel.org/stable/c/52a7c9d930b95aa8b1620edaba4818040c32631f
- git.kernel.org https://git.kernel.org/stable/c/63ccd26cd1f6600421795f6ca3e625076be06c9f
- git.kernel.org https://git.kernel.org/stable/c/99d655119b870ee60e4dbf310aa9a1ed8d9ede3d
- git.kernel.org https://git.kernel.org/stable/c/a44547015287a19001384fe94dbff84c92ce4ee1
- git.kernel.org https://git.kernel.org/stable/c/b43225948b231b3f331194010f84512bee4d9f59
- git.kernel.org https://git.kernel.org/stable/c/c0079630f268843a25ed75226169cba40e0d8880
- git.kernel.org https://git.kernel.org/stable/c/c4d80e41cb42008dceb35e5dbf52574d93beac0d