Ubuntu: (CVE-2016-20022): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Jun 27, 2024 | Nov 19, 2024 | Sep 5, 2025 |
Description
In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier.
Solutions
- ubuntu-upgrade-linux
- ubuntu-upgrade-linux-lts-xenial
References
- CVE-2016-20022
- https://attackerkb.com/topics/CVE-2016-20022
- CWE-125
- URL-https://git.kernel.org/linus/aed9d65ac3278d4febd8665bd7db59ef53e825fe
- URL-https://github.com/torvalds/linux/commit/aed9d65ac3278d4febd8665bd7db59ef53e825fe
- URL-https://lore.kernel.org/lkml/1486322541-8206-8-git-send-email-w%401wt.eu/
- URL-https://www.cve.org/CVERecord?id=CVE-2016-20022
- URL-https://www.spinics.net/lists/linux-usb/msg144177.html