{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23312", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.994Z", "datePublished": "2026-03-25T10:27:07.916Z", "dateUpdated": "2026-05-11T22:04:27.060Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:04:27.060Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: kaweth: validate USB endpoints\n\nThe kaweth driver should validate that the device it is probing has the\nproper number and types of USB endpoints it is expecting before it binds\nto it. If a malicious device were to not have the same urbs the driver\nwill crash later on when it blindly accesses these endpoints."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/kaweth.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "3b5075e4ce97d1a1ce82ff3fb6308761987a48bb", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "6c986abd2a5033633c6e6f9dd135cf96b19c7fdf", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7c7ebf5e45d2504d92ea294ac3828d58586491df", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "72f90f481c6a059680b9b976695d4cfb04fba1f3", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "f33e80d195a003b384620ee240f69092b519146b", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "2795fc06e7652c0ba299d936c584d5e08b6b57a1", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "0aae18e4638a7c1c579df92bc6edc36cedfaaa8c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "4b063c002ca759d1b299988ee23f564c9609c875", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/kaweth.c"], "versions": [{"version": "2.6.12", "status": "affected"}, {"version": "0", "lessThan": "2.6.12", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3b5075e4ce97d1a1ce82ff3fb6308761987a48bb"}, {"url": "https://git.kernel.org/stable/c/6c986abd2a5033633c6e6f9dd135cf96b19c7fdf"}, {"url": "https://git.kernel.org/stable/c/7c7ebf5e45d2504d92ea294ac3828d58586491df"}, {"url": "https://git.kernel.org/stable/c/72f90f481c6a059680b9b976695d4cfb04fba1f3"}, {"url": "https://git.kernel.org/stable/c/f33e80d195a003b384620ee240f69092b519146b"}, {"url": "https://git.kernel.org/stable/c/2795fc06e7652c0ba299d936c584d5e08b6b57a1"}, {"url": "https://git.kernel.org/stable/c/0aae18e4638a7c1c579df92bc6edc36cedfaaa8c"}, {"url": "https://git.kernel.org/stable/c/4b063c002ca759d1b299988ee23f564c9609c875"}], "title": "net: usb: kaweth: validate USB endpoints", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: kaweth: validate USB endpoints\n\nThe kaweth driver should validate that the device it is probing has the\nproper number and types of USB endpoints it is expecting before it binds\nto it. If a malicious device were to not have the same urbs the driver\nwill crash later on when it blindly accesses these endpoints."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: usb: kaweth: validar los puntos finales USB\n\nEl controlador kaweth deber\u00eda validar que el dispositivo que est\u00e1 sondeando tiene el n\u00famero y los tipos adecuados de puntos finales USB que espera antes de vincularse a \u00e9l. Si un dispositivo malicioso no tuviera los mismos urbs, el controlador se bloquear\u00e1 m\u00e1s adelante cuando acceda ciegamente a estos puntos finales."}], "id": "CVE-2026-23312", "lastModified": "2026-04-18T09:16:18.510", "metrics": {}, "published": "2026-03-25T11:16:27.463", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0aae18e4638a7c1c579df92bc6edc36cedfaaa8c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2795fc06e7652c0ba299d936c584d5e08b6b57a1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3b5075e4ce97d1a1ce82ff3fb6308761987a48bb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4b063c002ca759d1b299988ee23f564c9609c875"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6c986abd2a5033633c6e6f9dd135cf96b19c7fdf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/72f90f481c6a059680b9b976695d4cfb04fba1f3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7c7ebf5e45d2504d92ea294ac3828d58586491df"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f33e80d195a003b384620ee240f69092b519146b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net: usb: kaweth: validate USB endpoints", "id": "2451228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451228"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1288", "details": ["A flaw was found in the Linux kernel's kaweth driver. A malicious USB device can exploit this vulnerability by not providing the expected number and types of USB endpoints during device probing. The driver fails to validate these endpoints, leading to an attempt to blindly access them, which can cause the driver to crash. This results in a Denial of Service (DoS) for the affected system."], "name": "CVE-2026-23312", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23312\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23312\nhttps://lore.kernel.org/linux-cve-announce/2026032529-CVE-2026-23312-2b11@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,7c7ebf5e45d2504d92ea294ac3828d58586491df)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,72f90f481c6a059680b9b976695d4cfb04fba1f3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,f33e80d195a003b384620ee240f69092b519146b)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,2795fc06e7652c0ba299d936c584d5e08b6b57a1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,0aae18e4638a7c1c579df92bc6edc36cedfaaa8c)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,4b063c002ca759d1b299988ee23f564c9609c875)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.6.12"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,2.6.12)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.167,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.130,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.77,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc2,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-03-26T14:01:14.447846+00:00", "value": {"mitigation_remediation": ["Update the kernel to a version that includes the patch validating USB endpoints (e.g., apply the commit referenced in the advisory).", "If an immediate kernel upgrade is not possible, disable the kaweth driver by unloading it with modprobe -r kaweth or removing it from the kernel configuration.", "Continuously monitor system logs for USB\u2011related panics and consider temporarily disabling USB peripherals until the official patch is installed."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "All Linux kernel builds that include the kaweth driver before the fix are affected, including the current stable releases. Any host that can load this driver and connect a USB device is within the risk scope.", "description_and_impact": "The kaweth driver fails to verify the number and type of USB endpoints exposed by a device it binds to. If a malicious USB device presents an unexpected set of endpoints, the driver later accesses non\u2011existent or wrong endpoints and crashes, causing a kernel panic. This results in a denial of service on the affected system.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, while the EPSS score of less than 1% denotes a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation requires physical or logical access to a machine to plug in a crafted USB device, making it a local attack that needs an attacker to supply the malicious device."}}}}, "created": "2026-03-25T21:15:17.343206+00:00", "updated": "2026-03-27T09:49:56.338022+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}