CVE-2026-23312

EUVD-2026-15254
In the Linux kernel, the following vulnerability has been resolved:

net: usb: kaweth: validate USB endpoints

The kaweth driver should validate that the device it is probing has the
proper number and types of USB endpoints it is expecting before it binds
to it.  If a malicious device were to not have the same urbs the driver
will crash later on when it blindly accesses these endpoints.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
6.19.8-1
fixed
sid
6.19.8-1
fixed
trixie
vulnerable
trixie (security)
vulnerable
References
https://git.kernel.org/stable/c/0aae18e4638a7c1c579df92bc6edc36cedfaaa8c
https://git.kernel.org/stable/c/2795fc06e7652c0ba299d936c584d5e08b6b57a1
https://git.kernel.org/stable/c/4b063c002ca759d1b299988ee23f564c9609c875
https://git.kernel.org/stable/c/72f90f481c6a059680b9b976695d4cfb04fba1f3
https://git.kernel.org/stable/c/7c7ebf5e45d2504d92ea294ac3828d58586491df
https://git.kernel.org/stable/c/f33e80d195a003b384620ee240f69092b519146b