net: usb: kaweth: validate USB endpoints
Summary
| CVE | CVE-2026-23312 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-03-25 11:16:27 UTC |
| Updated | 2026-04-18 09:16:18 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: validate USB endpoints The kaweth driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints. |
Risk And Classification
EPSS: 0.000320000 probability, percentile 0.090980000 (date 2026-04-18)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 3b5075e4ce97d1a1ce82ff3fb6308761987a48bb git | Not specified |
| CNA | Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 6c986abd2a5033633c6e6f9dd135cf96b19c7fdf git | Not specified |
| CNA | Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 7c7ebf5e45d2504d92ea294ac3828d58586491df git | Not specified |
| CNA | Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 72f90f481c6a059680b9b976695d4cfb04fba1f3 git | Not specified |
| CNA | Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 f33e80d195a003b384620ee240f69092b519146b git | Not specified |
| CNA | Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 2795fc06e7652c0ba299d936c584d5e08b6b57a1 git | Not specified |
| CNA | Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 0aae18e4638a7c1c579df92bc6edc36cedfaaa8c git | Not specified |
| CNA | Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 4b063c002ca759d1b299988ee23f564c9609c875 git | Not specified |
| CNA | Linux | Linux | affected 2.6.12 | Not specified |
| CNA | Linux | Linux | unaffected 2.6.12 semver | Not specified |
| CNA | Linux | Linux | unaffected 5.10.253 5.10.* semver | Not specified |
| CNA | Linux | Linux | unaffected 5.15.203 5.15.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.167 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.130 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.77 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.17 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.19.7 6.19.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0 * original_commit_for_fix | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/f33e80d195a003b384620ee240f69092b519146b | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/3b5075e4ce97d1a1ce82ff3fb6308761987a48bb | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/7c7ebf5e45d2504d92ea294ac3828d58586491df | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/2795fc06e7652c0ba299d936c584d5e08b6b57a1 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/72f90f481c6a059680b9b976695d4cfb04fba1f3 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/4b063c002ca759d1b299988ee23f564c9609c875 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/0aae18e4638a7c1c579df92bc6edc36cedfaaa8c | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/6c986abd2a5033633c6e6f9dd135cf96b19c7fdf | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.