CVE-2016-20022

HIGH

Linux kernel <4.8 - Info Disclosure

Title source: llm

Description

In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier.

References (3)

Core 3

Core References

Various Sources

https://www.spinics.net/lists/linux-usb/msg144177.html

Mailing List

https://lore.kernel.org/lkml/1486322541-8206-8-git-send-email-w%401wt.eu/

Patch

https://github.com/torvalds/linux/commit/aed9d65ac3278d4febd8665bd7db59ef53e825fe

Scores

CVSS v3 8.4

EPSS 0.0011

EPSS Percentile 29.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-125

Status published

Published Jun 27, 2024

Tracked Since Feb 18, 2026