CVE-2026-23312
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/03/2026
Last modified:
18/04/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net: usb: kaweth: validate USB endpoints<br />
<br />
The kaweth driver should validate that the device it is probing has the<br />
proper number and types of USB endpoints it is expecting before it binds<br />
to it. If a malicious device were to not have the same urbs the driver<br />
will crash later on when it blindly accesses these endpoints.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0aae18e4638a7c1c579df92bc6edc36cedfaaa8c
- https://git.kernel.org/stable/c/2795fc06e7652c0ba299d936c584d5e08b6b57a1
- https://git.kernel.org/stable/c/3b5075e4ce97d1a1ce82ff3fb6308761987a48bb
- https://git.kernel.org/stable/c/4b063c002ca759d1b299988ee23f564c9609c875
- https://git.kernel.org/stable/c/6c986abd2a5033633c6e6f9dd135cf96b19c7fdf
- https://git.kernel.org/stable/c/72f90f481c6a059680b9b976695d4cfb04fba1f3
- https://git.kernel.org/stable/c/7c7ebf5e45d2504d92ea294ac3828d58586491df
- https://git.kernel.org/stable/c/f33e80d195a003b384620ee240f69092b519146b