In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. https://github.com/torvalds/linux/commit/7f14c7227f342d9932f9b918893c8814f86d2a0d https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.12
There was no shipped kernel version that was seen affected by this problem. These files are not built in our source code.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-27223