In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.
5.13.0-19.195.15.0-17.175.15.0-18.185.15.0-22.225.15.0-23.233.11.0-12.196.5.0-9.94.2.0-16.194.2.0-17.214.2.0-19.234.3.0-1.104.3.0-2.114.3.0-5.164.3.0-6.174.3.0-7.184.4.0-10.254.4.0-101.124+129 more4.2.0-16.194.2.0-17.214.2.0-19.234.3.0-1.104.3.0-2.114.3.0-5.164.3.0-6.174.3.0-7.184.4.0-10.254.4.0-101.124+129 more4.4.0-224.2576.11.0-8.84.13.0-16.194.13.0-17.204.13.0-25.294.13.0-32.354.15.0-10.114.15.0-101.1024.15.0-106.1074.15.0-108.1094.15.0-109.1104.15.0-111.112+83 more4.15.0-177.1865.3.0-18.195.3.0-24.265.4.0-100.1135.4.0-104.1185.4.0-105.1195.4.0-107.1215.4.0-109.1235.4.0-18.225.4.0-21.255.4.0-24.28+46 more5.4.0-110.1245.13.0-1005.65.15.0-1002.45.15.0-1003.54.4.0-1002.24.4.0-1003.34.4.0-1005.54.4.0-1006.64.4.0-1009.94.4.0-1010.104.4.0-1011.114.4.0-1012.124.4.0-1014.144.4.0-1016.16+57 more4.4.0-1104.109Exploitability
AV:NAC:LPR:LUI:NScope
S:UImpact
C:HI:HA:HCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H