CVE-2026-23312Improper Validation of Consistency within Input in Linux

CWE-1288Improper Validation of Consistency within Input9 documents8 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 90.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: validate USB endpoints The kaweth driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints.

Affected Packages3 packages

Linuxlinux/linux_kernel2.6.126.1.167+4
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux1da177e4c3f41524e886b7f1b8a0c1fc7321cac27c7ebf5e45d2504d92ea294ac3828d58586491df+6

🔴Vulnerability Details

4
GHSA
GHSA-7v8h-qq4w-74wv: In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: validate USB endpoints The kaweth driver should validate that2026-03-25
CVEList
net: usb: kaweth: validate USB endpoints2026-03-25
OSV
CVE-2026-23312: In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: validate USB endpoints The kaweth driver should validate that th2026-03-25
OSV
net: usb: kaweth: validate USB endpoints2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: net: usb: kaweth: validate USB endpoints2026-03-25
Microsoft
net: usb: kaweth: validate USB endpoints2026-03-10
Debian
CVE-2026-23312: linux - In the Linux kernel, the following vulnerability has been resolved: net: usb: k...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23312 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23312 — Linux vulnerability | cvebase