FKIE_CVE-2026-23312

Vulnerability from fkie_nvd - Published: 2026-03-25 11:16 - Updated: 2026-04-18 09:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: validate USB endpoints The kaweth driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0aae18e4638a7c1c579df92bc6edc36cedfaaa8c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2795fc06e7652c0ba299d936c584d5e08b6b57a1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3b5075e4ce97d1a1ce82ff3fb6308761987a48bb
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4b063c002ca759d1b299988ee23f564c9609c875
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6c986abd2a5033633c6e6f9dd135cf96b19c7fdf
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/72f90f481c6a059680b9b976695d4cfb04fba1f3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7c7ebf5e45d2504d92ea294ac3828d58586491df
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f33e80d195a003b384620ee240f69092b519146b
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: kaweth: validate USB endpoints\n\nThe kaweth driver should validate that the device it is probing has the\nproper number and types of USB endpoints it is expecting before it binds\nto it.  If a malicious device were to not have the same urbs the driver\nwill crash later on when it blindly accesses these endpoints."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: usb: kaweth: validar los puntos finales USB\n\nEl controlador kaweth deber\u00eda validar que el dispositivo que est\u00e1 sondeando tiene el n\u00famero y los tipos adecuados de puntos finales USB que espera antes de vincularse a \u00e9l. Si un dispositivo malicioso no tuviera los mismos urbs, el controlador se bloquear\u00e1 m\u00e1s adelante cuando acceda ciegamente a estos puntos finales."
    }
  ],
  "id": "CVE-2026-23312",
  "lastModified": "2026-04-18T09:16:18.510",
  "metrics": {},
  "published": "2026-03-25T11:16:27.463",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0aae18e4638a7c1c579df92bc6edc36cedfaaa8c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/2795fc06e7652c0ba299d936c584d5e08b6b57a1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3b5075e4ce97d1a1ce82ff3fb6308761987a48bb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/4b063c002ca759d1b299988ee23f564c9609c875"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6c986abd2a5033633c6e6f9dd135cf96b19c7fdf"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/72f90f481c6a059680b9b976695d4cfb04fba1f3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7c7ebf5e45d2504d92ea294ac3828d58586491df"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f33e80d195a003b384620ee240f69092b519146b"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.