CVE-2026-23365 — Improper Validation of Specified Type of Input in Linux

CWE-1287 — Improper Validation of Specified Type of Input8 documents7 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 90.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +1 more

Timeline

PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: kalmia: validate USB endpoints The kalmia driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints.

Affected Packages5 packages

▶Linuxlinux/linux_kernel3.0.0 — 6.1.167+4

▶Debianlinux/linux_kernel< 6.19.8-1

▶msrcmsrc/azl3_kernel_6.6.126.1-1_on_azure_linux_3.0

▶CVEListV5linux/linuxd40261236e8e278cb1936cb5e934262971692b10 — 28a380bfa5bc7f6a9380b85e8eab919ee6ac1701+6

▶debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

OSV

CVE-2026-23365: In the Linux kernel, the following vulnerability has been resolved: net: usb: kalmia: validate USB endpoints The kalmia driver should validate that th↗2026-03-25

▶

GHSA

GHSA-m58v-8vcf-j347: In the Linux kernel, the following vulnerability has been resolved: net: usb: kalmia: validate USB endpoints The kalmia driver should validate that↗2026-03-25

▶

OSV

net: usb: kalmia: validate USB endpoints↗2026-03-25

▶

📋Vendor Advisories

Red Hat

kernel: net: usb: kalmia: validate USB endpoints↗2026-03-25

▶

Microsoft

net: usb: kalmia: validate USB endpoints↗2026-03-10

▶

Debian

CVE-2026-23365: linux - In the Linux kernel, the following vulnerability has been resolved: net: usb: k...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23365 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶