CVE-2025-21835

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: gadget: f_midi: fix MIDI Streaming descriptor lengths<br /> <br /> While the MIDI jacks are configured correctly, and the MIDIStreaming<br /> endpoint descriptors are filled with the correct information,<br /> bNumEmbMIDIJack and bLength are set incorrectly in these descriptors.<br /> <br /> This does not matter when the numbers of in and out ports are equal, but<br /> when they differ the host will receive broken descriptors with<br /> uninitialized stack memory leaking into the descriptor for whichever<br /> value is smaller.<br /> <br /> The precise meaning of "in" and "out" in the port counts is not clearly<br /> defined and can be confusing. But elsewhere the driver consistently<br /> uses this to match the USB meaning of IN and OUT viewed from the host,<br /> so that "in" ports send data to the host and "out" ports receive data<br /> from it.