USB Isochronous Device Vulnerability in Linux Kernel by NEC
CVE-2025-22022

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 16 April 2025

Summary

A significant vulnerability exists in the Linux kernel that affects NEC USB controllers, specifically related to isochronous endpoints. When the NEC uPD720200 device encounters Missed Service Errors, it can result in IOMMU faults. The issue arises when USB transfer ring segments are mismanaged, potentially leading to buffer overruns that might corrupt active data transfers. This vulnerability can lead to erratic behavior in connected devices, as malfunctioning isochronous endpoints may cause inconsistent data handling across various hardware peripherals within the same IOMMU domain. Applying the correct link chain quirk helps mitigate the issue by ensuring proper data transfer processes.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 43a18225150ce874d23b37761c302a5dffee1595

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 061a1683bae6ef56ab8fa392725ba7495515cd1d

References

https://git.kernel.org/stable/c/a4931d9fb99eb5462f3eaa231...

https://git.kernel.org/stable/c/43a18225150ce874d23b37761...

https://git.kernel.org/stable/c/061a1683bae6ef56ab8fa3927...

Timeline

Vulnerability published
Apr 16, 2025
Vulnerability Reserved
Dec 29, 2024