Linux kernel usb: kalmia driver crash due to missing endpoint validation
CVE-2026-23365 Published on March 25, 2026
net: usb: kalmia: validate USB endpoints
In the Linux kernel, the following vulnerability has been resolved:
net: usb: kalmia: validate USB endpoints
The kalmia driver should validate that the device it is probing has the
proper number and types of USB endpoints it is expecting before it binds
to it. If a malicious device were to not have the same urbs the driver
will crash later on when it blindly accesses these endpoints.
Products Associated with CVE-2026-23365
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version d40261236e8e278cb1936cb5e934262971692b10 and below 28a380bfa5bc7f6a9380b85e8eab919ee6ac1701 is affected.
- Version d40261236e8e278cb1936cb5e934262971692b10 and below 12c0243de0aee0ab27cc00932fd5edae65c1e3a2 is affected.
- Version d40261236e8e278cb1936cb5e934262971692b10 and below 51c20ea5f1555a984c041b0dbf56f00d41b9e652 is affected.
- Version d40261236e8e278cb1936cb5e934262971692b10 and below 011684cd18349aa4c52167c8ac37a0524169f48c is affected.
- Version d40261236e8e278cb1936cb5e934262971692b10 and below 7bfda1a0be4caec3263753d567678451cef73a85 is affected.
- Version d40261236e8e278cb1936cb5e934262971692b10 and below c58b6c29a4c9b8125e8ad3bca0637e00b71e2693 is affected.
- Version 3.0 is affected.
- Before 3.0 is unaffected.
- Version 6.1.167, <= 6.1.* is unaffected.
- Version 6.6.130, <= 6.6.* is unaffected.
- Version 6.12.77, <= 6.12.* is unaffected.
- Version 6.18.17, <= 6.18.* is unaffected.
- Version 6.19.7, <= 6.19.* is unaffected.
- Version 7.0-rc2, <= * is unaffected.