CVE-2026-23009 — Expired Pointer Dereference in Linux
Severity: 5.5 MEDIUM (NVD)
EPSS: 0.0% (top 94.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 25, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

xhci: sideband: don't dereference freed ring when removing sideband endpoint

xhci_sideband_remove_endpoint() incorrectly assumes that the endpoint is running and has a valid transfer ring.

Lianqin reported a crash during suspend/wake-up stress testing, and found the cause to be dereferencing a non-existing transfer ring 'ep->ring' during xhci_sideband_remove_endpoint().

The endpoint and its ring may be in unknown state if thi…
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Exploitability: 1.8 | Impact: 3.6)
Affected Packages (5 packages)
CVEListV5: linux/linux, de66754e9f8029f8ae955a588959b99cab56b506 — 34f6634dba87ef72b3c3a3a524be663adef7ab42 (+2 more)
Patches
Vulnerability Details (3)
OSV: CVE-2026-23009 (2026-01-25): In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_…
GHSA: GHSA-h2fj-cf53-2c8q (2026-01-25): In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhc…