VYPR
High severity7.1NVD Advisory· Published Sep 11, 2025· Updated Jun 17, 2026

CVE-2025-39760

CVE-2025-39760

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: core: config: Prevent OOB read in SS endpoint companion parsing

usb_parse_ss_endpoint_companion() checks descriptor type before length, enabling a potentially odd read outside of the buffer size.

Fix this up by checking the size first before looking at any of the fields in the descriptor.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

198

Patches

Vulnerability mechanics

References

11

News mentions

1