usb: gadget: f_midi: fix MIDI Streaming descriptor lengths

Summary

CVE: CVE-2025-21835
State: PUBLISHED
Assigner: Linux
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2025-03-07 09:15:16 UTC
Updated: 2026-05-12 13:16:37 UTC
Description: In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_midi: fix MIDI Streaming descriptor lengths

While the MIDI jacks are configured correctly, and the MIDIStreaming endpoint descriptors are filled with the correct information, bNumEmbMIDIJack and bLength are set incorrectly in these descriptors. This does not matter when the numbers of in and out ports are equal, but when they differ the host will receive broken descriptors with uninitialized stack memory leaking into the descriptor for whichever value is smaller.

The precise meaning of "in" and "out" in the port counts is not clearly defined and can be confusing. But elsewhere the driver consistently uses this to match the USB meaning of IN and OUT viewed from the host, so that "in" ports send data to the host and "out" ports receive data from it.
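
A host-side consistency check for the two fields named in the description, added here as an illustration; it is not code from the kernel or from the fix. The function name, result codes, jack IDs and descriptor bytes are all constructed, and the count check assumes one MIDIStreaming endpoint per direction.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Class-specific MIDIStreaming endpoint descriptor layout (USB MIDI 1.0):
 * bLength, bDescriptorType, bDescriptorSubtype, bNumEmbMIDIJack,
 * then bNumEmbMIDIJack bytes of baAssocJackID, so bLength == 4 + count. */
#define CS_ENDPOINT 0x25
#define MS_GENERAL  0x01

enum ms_result { MS_OK, MS_BAD_HEADER, MS_BAD_LENGTH, MS_UNKNOWN_JACK, MS_COUNT_MISMATCH };

/* Hypothetical checker: d/avail is the raw descriptor, jacks/njacks are the
 * embedded jack IDs the function declared for this endpoint's direction. */
enum ms_result ms_ep_check(const uint8_t *d, size_t avail,
                           const uint8_t *jacks, size_t njacks)
{
    if (avail < 4 || d[1] != CS_ENDPOINT || d[2] != MS_GENERAL)
        return MS_BAD_HEADER;
    if (d[0] != 4 + d[3] || (size_t)d[0] > avail)
        return MS_BAD_LENGTH;
    for (size_t i = 0; i < d[3]; i++) {
        size_t j = 0;
        while (j < njacks && jacks[j] != d[4 + i])
            j++;
        if (j == njacks)
            return MS_UNKNOWN_JACK;   /* slot holds an ID that was never declared */
    }
    return d[3] == njacks ? MS_OK : MS_COUNT_MISMATCH;
}

/* Constructed sample: 1 "in" port and 3 "out" ports. */
static const uint8_t in_ep_jacks[]  = { 2 };
static const uint8_t out_ep_jacks[] = { 3, 5, 7 };
/* Counts taken from the wrong direction: the IN descriptor claims 3 jacks and
 * its unfilled slots carry stale bytes (0xA5 and 0x5A stand in for them). */
static const uint8_t bad_in[]   = { 7, CS_ENDPOINT, MS_GENERAL, 3, 2, 0xA5, 0x5A };
static const uint8_t bad_out[]  = { 5, CS_ENDPOINT, MS_GENERAL, 1, 3 };
static const uint8_t good_in[]  = { 5, CS_ENDPOINT, MS_GENERAL, 1, 2 };
static const uint8_t good_out[] = { 7, CS_ENDPOINT, MS_GENERAL, 3, 3, 5, 7 };

int main(void)
{
    printf("bad_in=%d bad_out=%d\n", ms_ep_check(bad_in, sizeof bad_in, in_ep_jacks, 1),
           ms_ep_check(bad_out, sizeof bad_out, out_ep_jacks, 3));
    return 0;
}
```

Both malformed descriptors pass the bLength test on its own, because bLength and bNumEmbMIDIJack were derived from the same wrong count; only comparison against the declared jacks exposes them.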

Risk And Classification

Primary CVSS: v3.1 5.5 MEDIUM from [email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem Types: NVD-CWE-noinfo

CVSS v3.1 Breakdown

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Linux | Linux Kernel | All | All | All | All

Vendor Declared Affected Products

Source | Vendor | Product | Version | Platforms
CNA | Linux | Linux | affected c8933c3f79568263c90a46f06cf80419e6c63c97 3a983390d14e8498f303fc5cb23ab7d696b815db git | Not specified
CNA | Linux | Linux | affected c8933c3f79568263c90a46f06cf80419e6c63c97 9f36a89dcb78cb7e37f487b04a16396ac18c0636 git | Not specified
CNA | Linux | Linux | affected c8933c3f79568263c90a46f06cf80419e6c63c97 d8e86700c8a8cf415e300a0921acd6a8f9b494f8 git | Not specified
CNA | Linux | Linux | affected c8933c3f79568263c90a46f06cf80419e6c63c97 9f6860a9c11301b052225ca8825f8d2b1a5825bf git | Not specified
CNA | Linux | Linux | affected c8933c3f79568263c90a46f06cf80419e6c63c97 6ae6dee9f005a2f3b739b85abb6f14a0935699e0 git | Not specified
CNA | Linux | Linux | affected c8933c3f79568263c90a46f06cf80419e6c63c97 6b16761a928796e4b49e89a0b1ac284155172726 git | Not specified
CNA | Linux | Linux | affected c8933c3f79568263c90a46f06cf80419e6c63c97 a2d0694e1f111379c1efdf439dadd3cfd959fe9d git | Not specified
CNA | Linux | Linux | affected c8933c3f79568263c90a46f06cf80419e6c63c97 da1668997052ed1cb00322e1f3b63702615c9429 git | Not specified
CNA | Linux | Linux | affected 3.2 | Not specified
CNA | Linux | Linux | unaffected 3.2 semver | Not specified
CNA | Linux | Linux | unaffected 5.4.291 5.4.* semver | Not specified
CNA | Linux | Linux | unaffected 5.10.235 5.10.* semver | Not specified
CNA | Linux | Linux | unaffected 5.15.179 5.15.* semver | Not specified
CNA | Linux | Linux | unaffected 6.1.129 6.1.* semver | Not specified
CNA | Linux | Linux | unaffected 6.6.79 6.6.* semver | Not specified
CNA | Linux | Linux | unaffected 6.12.16 6.12.* semver | Not specified
CNA | Linux | Linux | unaffected 6.13.4 6.13.* semver | Not specified
CNA | Linux | Linux | unaffected 6.14 * original_commit_for_fix | Not specified
ADP | Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux Subsystem | affected * custom | Not specified

References

Reference | Source | Link | Tags
git.kernel.org/stable/c/3a983390d14e8498f303fc5cb23ab7d696b815db | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch
lists.debian.org/debian-lts-announce/2025/05/msg00030.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org |
git.kernel.org/stable/c/d8e86700c8a8cf415e300a0921acd6a8f9b494f8 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch
git.kernel.org/stable/c/9f36a89dcb78cb7e37f487b04a16396ac18c0636 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch
cert-portal.siemens.com/productcert/html/ssa-265688.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com |
git.kernel.org/stable/c/9f6860a9c11301b052225ca8825f8d2b1a5825bf | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch
git.kernel.org/stable/c/a2d0694e1f111379c1efdf439dadd3cfd959fe9d | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch
git.kernel.org/stable/c/6ae6dee9f005a2f3b739b85abb6f14a0935699e0 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch
git.kernel.org/stable/c/da1668997052ed1cb00322e1f3b63702615c9429 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch
lists.debian.org/debian-lts-announce/2025/03/msg00028.html | af854a3a-2127-422b-91ae-364da2661108 | lists.debian.org |
git.kernel.org/stable/c/6b16761a928796e4b49e89a0b1ac284155172726 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis