EUVD-2026-15254
GHSA-7v8h-qq4w-74wv
Lifecycle Timeline
4Description
In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: validate USB endpoints The kaweth driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints.
Analysis
The Linux kernel's kaweth USB driver fails to validate that probed USB devices have the expected number and types of endpoints before binding to them, allowing a malicious or malformed USB device to cause a kernel crash when the driver blindly accesses non-existent endpoints. This denial-of-service vulnerability affects Linux kernel versions across multiple stable branches and can be triggered by any user with the ability to connect a crafted USB device to a system running the vulnerable kernel. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Vendor Status
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 5.10.223-1 | - |
| bullseye (security) | vulnerable | 5.10.251-1 | - |
| bookworm | vulnerable | 6.1.159-1 | - |
| bookworm (security) | vulnerable | 6.1.164-1 | - |
| trixie | vulnerable | 6.12.73-1 | - |
| trixie (security) | vulnerable | 6.12.74-2 | - |
| forky, sid | fixed | 6.19.8-1 | - |
| (unstable) | fixed | 6.19.8-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today