CVE-2026-23312

medium

Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: validate USB endpoints The kaweth driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints.

References

https://git.kernel.org/stable/c/f33e80d195a003b384620ee240f69092b519146b

https://git.kernel.org/stable/c/7c7ebf5e45d2504d92ea294ac3828d58586491df

https://git.kernel.org/stable/c/72f90f481c6a059680b9b976695d4cfb04fba1f3

https://git.kernel.org/stable/c/4b063c002ca759d1b299988ee23f564c9609c875

https://git.kernel.org/stable/c/2795fc06e7652c0ba299d936c584d5e08b6b57a1

https://git.kernel.org/stable/c/0aae18e4638a7c1c579df92bc6edc36cedfaaa8c

Details

Source: Mitre, NVD

Published: 2026-03-25

Updated: 2026-03-25

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00024