Skip to main content

Linux CVE-2026-23312

| EUVDEUVD-2026-15254 MEDIUM
2026-03-25 Linux GHSA-7v8h-qq4w-74wv
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
5.2 MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 26, 2026 - 15:07 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15254
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:27 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net: usb: kaweth: validate USB endpoints

The kaweth driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints.

AnalysisAI

The Linux kernel's kaweth USB driver fails to validate that probed USB devices have the expected number and types of endpoints before binding to them, allowing a malicious or malformed USB device to cause a kernel crash when the driver blindly accesses non-existent endpoints. This denial-of-service vulnerability affects Linux kernel versions across multiple stable branches and can be triggered by any user with the ability to connect a crafted USB device to a system running the vulnerable kernel. While CVSS and EPSS scores are not available, the vulnerability represents a straightforward crash vector with no reported active exploitation but patches are available across multiple kernel versions.

Technical ContextAI

The kaweth driver is a Linux kernel module (net/usb/kaweth.c) that handles Kawasaki USB Ethernet adapters. The root cause is classified as insufficient input validation (CWE-20 implicit from the description) on USB device descriptors. During device probing, the driver should enumerate and validate the presence of required USB endpoints (typically interrupt and bulk endpoints) before attempting to use them in subsequent operations. The vulnerability occurs because the driver does not perform proper endpoint validation, instead assuming specific endpoints exist at known indices. When a malicious device is connected with missing or differently-ordered endpoints, the driver crashes when attempting to dereference null or invalid endpoint pointers. This affects all Linux distributions shipping the kaweth driver module (CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*).

RemediationAI

Update the Linux kernel to a patched version that includes the endpoint validation fix. Most distributions have released patched kernel versions—check your distribution's security advisory or kernel changelog for the specific version that includes the kaweth driver endpoint validation patch. For distributions using stable kernel branches, the fixes are available in kernel versions that include one of the referenced commits. Until patching is possible, users can mitigate risk by disabling the kaweth module via blacklisting (add 'blacklist kaweth' to /etc/modprobe.d/blacklist.conf) if the hardware is not in use, restricting physical USB access to trusted users only, or using BIOS/UEFI settings to disable external USB ports if the affected hardware is not required. Organizations should prioritize patching systems with USB connectivity accessible to untrusted users or in shared environments.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23312 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy