7.2 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%
In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier.
bugzilla.redhat.com/show_bug.cgi?id=2294696
nvd.nist.gov/vuln/detail/CVE-2016-20022
www.cve.org/CVERecord?id=CVE-2016-20022