Skip to main content

Linux CVE-2026-23365

| EUVDEUVD-2026-15345 MEDIUM
2026-03-25 Linux GHSA-m58v-8vcf-j347
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
5.2 MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 24, 2026 - 18:52 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15345
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:27 nvd
N/A

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

net: usb: kalmia: validate USB endpoints

The kalmia driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints.

AnalysisAI

The Linux kernel kalmia USB driver fails to validate that connected USB devices have the required endpoints before binding to them, allowing a malicious or malformed USB device to trigger a kernel crash during endpoint access. This denial-of-service vulnerability affects all Linux kernel versions running the kalmia driver (net/usb/kalmia.c) and requires physical USB device connection or local control of USB device enumeration. While no CVSS score or EPSS probability is formally assigned, the vulnerability has been patched across multiple stable kernel branches, indicating recognition of the issue's severity.

Technical ContextAI

The kalmia driver is a Linux kernel module that manages USB-to-Ethernet adapters, specifically handling Kinetic Kalmia devices (net/usb/kalmia.c). The vulnerability exists in the driver's probe function, which binds to USB devices without validating the presence and type of required USB endpoints (bulk in/out, interrupt endpoints, etc.). The root cause is improper input validation (CWE-1025: Comparison Using Wrong Factors, and more broadly CWE-476: NULL Pointer Dereference) where the driver assumes endpoint structures exist without checking, leading to NULL pointer dereferences or out-of-bounds memory access when the driver later attempts to use these endpoints for I/O operations. Affected systems include all Linux distributions (CPE: cpe:2.3:a:linux:linux) running kernels with the kalmia driver enabled, typically in embedded or specialized networking environments where Kalmia USB devices are deployed.

RemediationAI

Apply kernel security updates from your Linux distribution that include the fix commits referenced in kernel.org (28a380bfa5bc7f6a9, 12c0243de0aee0ab, 51c20ea5f1555a98, 011684cd18349aa4, 7bfda1a0be4caec3, c58b6c29a4c9b812). For distributions using LTS kernels, upgrade to the latest patched version in your supported branch (e.g., Linux 5.15.x, 5.10.x, or 6.1.x depending on your vendor). If immediate patching is not possible, disable the kalmia driver by blacklisting the module (echo 'blacklist kalmia' >> /etc/modprobe.d/blacklist.conf) if your system does not use Kalmia USB devices. Additionally, restrict physical USB access on production systems to prevent untrusted device connection, and monitor kernel logs for USB device enumeration errors. Consult your Linux distribution's security advisory portal for specific kernel version recommendations (e.g., Red Hat Security Advisories, Ubuntu Security Notices, Debian Security).

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23365 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy