USB Isochronous Device Vulnerability in Linux Kernel by NEC
CVE-2025-22022

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 April 2025

What is CVE-2025-22022?

A significant vulnerability exists in the Linux kernel that affects NEC USB controllers, specifically related to isochronous endpoints. When the NEC uPD720200 device encounters Missed Service Errors, it can result in IOMMU faults. The issue arises when USB transfer ring segments are mismanaged, potentially leading to buffer overruns that might corrupt active data transfers. This vulnerability can lead to erratic behavior in connected devices, as malfunctioning isochronous endpoints may cause inconsistent data handling across various hardware peripherals within the same IOMMU domain. Applying the correct link chain quirk helps mitigate the issue by ensuring proper data transfer processes.

Affected Version(s)

Linux 7e393a834b41001174a8fb3ae3bc23a749467760

Linux 7e393a834b41001174a8fb3ae3bc23a749467760 < 43a18225150ce874d23b37761c302a5dffee1595

Linux 7e393a834b41001174a8fb3ae3bc23a749467760 < 061a1683bae6ef56ab8fa392725ba7495515cd1d

References

https://git.kernel.org/stable/c/a4931d9fb99eb5462f3eaa231...

https://git.kernel.org/stable/c/43a18225150ce874d23b37761...

https://git.kernel.org/stable/c/061a1683bae6ef56ab8fa3927...

Timeline

Vulnerability published
Apr 16, 2025
Vulnerability Reserved
Dec 29, 2024

JSON