USB Isochronous Device Vulnerability in Linux Kernel by NEC
CVE-2025-22022

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 April 2025

What is CVE-2025-22022?

A significant vulnerability exists in the Linux kernel that affects NEC USB controllers, specifically related to isochronous endpoints. When the NEC uPD720200 device encounters Missed Service Errors, it can result in IOMMU faults. The issue arises when USB transfer ring segments are mismanaged, potentially leading to buffer overruns that might corrupt active data transfers. This vulnerability can lead to erratic behavior in connected devices, as malfunctioning isochronous endpoints may cause inconsistent data handling across various hardware peripherals within the same IOMMU domain. Applying the correct link chain quirk helps mitigate the issue by ensuring proper data transfer processes.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch