CVE-2026-23365
Description
In the Linux kernel, the following vulnerability has been resolved:
net: usb: kalmia: validate USB endpoints
The kalmia driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs, the driver will crash later on when it blindly accesses these endpoints.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Linux kernel's kalmia USB driver lacks endpoint validation, allowing a malicious device to cause a crash by providing unexpected endpoint types.
Vulnerability
The Linux kernel's kalmia USB network driver does not validate the number and types of USB endpoints a device exposes before binding to it. The driver assumes a fixed endpoint layout and accesses those endpoints without first checking that they exist and are of the expected type. A device that lacks them leaves the driver holding endpoint structures it never validated, and its later use of them can result in a NULL pointer dereference or other invalid memory access [1][2][3][4].
Exploitation
An attacker who can attach a USB device to the host can present a device whose vendor and product IDs match the kalmia driver's ID table but whose endpoint configuration differs from what the driver expects. The kernel selects the driver on those IDs alone, so no authentication is involved beyond the ability to connect the device. The exposure is limited to systems where the kalmia driver is built in or available as a module (it is autoloaded when a matching device appears) and where an untrusted device can be attached.
Impact
If exploited, the vulnerability can cause a kernel crash (denial of service) due to the driver's unsafe access to invalid endpoint structures. The CVSS v3 score of 5.5 (Medium) reflects the requirement for physical access and the resulting availability impact.
Mitigation
The fix has been applied in the Linux kernel stable trees via the commits listed under References [1][2][3][4]. Update to a kernel that contains them. Where that is not yet possible, the only mitigations are to keep the kalmia driver from binding (for example by blacklisting the kalmia module) or to control which USB devices may be attached, physically or with a device-authorization policy such as USBGuard.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
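The check that the Vulnerability and Mitigation paragraphs describe, as an added illustration that is neither the kalmia driver's code nor the patch linked under References: a user-space C model of the endpoint validation a USB network driver should perform in its bind path before it records which endpoints the data path will use. The descriptor fields and constants follow the USB specification; the requirement of one bulk IN and one bulk OUT endpoint is an assumption typical of usbnet-style drivers, not a statement about the upstream fix, and struct usb_interface_model, driver_bind() and the sample descriptors are constructed for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constants as defined in the USB 2.0 spec (and <linux/usb/ch9.h>). */
#define USB_DIR_IN                 0x80
#define USB_ENDPOINT_NUMBER_MASK   0x0f
#define USB_ENDPOINT_XFERTYPE_MASK 0x03
#define USB_ENDPOINT_XFER_BULK     0x02
#define USB_ENDPOINT_XFER_INT      0x03

/* Subset of the endpoint descriptor fields the check needs. */
struct usb_endpoint_descriptor {
    uint8_t  bEndpointAddress;  /* bit 7: 1 = IN, 0 = OUT; bits 0-3: number */
    uint8_t  bmAttributes;      /* bits 0-1: transfer type */
    uint16_t wMaxPacketSize;
};

/* Hypothetical stand-in for the interface's current altsetting. */
struct usb_interface_model {
    const struct usb_endpoint_descriptor *eps;
    int num_eps;
};

static int ep_is_bulk(const struct usb_endpoint_descriptor *e)
{
    return (e->bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) == USB_ENDPOINT_XFER_BULK;
}

static int ep_is_in(const struct usb_endpoint_descriptor *e)
{
    return (e->bEndpointAddress & USB_DIR_IN) != 0;
}

/*
 * Same contract as the kernel's usb_find_common_endpoints(): return 0 and
 * fill *in/*out with the first bulk IN and bulk OUT endpoint, or -ENODEV if
 * the interface does not provide both. Nothing is dereferenced on failure.
 */
int find_bulk_endpoints(const struct usb_interface_model *intf,
                        const struct usb_endpoint_descriptor **in,
                        const struct usb_endpoint_descriptor **out)
{
    *in = NULL;
    *out = NULL;
    for (int i = 0; i < intf->num_eps; i++) {
        const struct usb_endpoint_descriptor *e = &intf->eps[i];
        if (!ep_is_bulk(e))
            continue;               /* interrupt/iso/control: not usable here */
        if (ep_is_in(e)) {
            if (!*in) *in = e;
        } else {
            if (!*out) *out = e;
        }
        if (*in && *out)
            return 0;
    }
    return -ENODEV;
}

/*
 * Hardened bind: validate first, then record the endpoint numbers the data
 * path will use. A bind that indexed intf->eps[] directly instead would walk
 * off the end of the array for a device with fewer endpoints than expected.
 */
int driver_bind(const struct usb_interface_model *intf,
                uint8_t *rx_ep, uint8_t *tx_ep)
{
    const struct usb_endpoint_descriptor *in, *out;
    int ret = find_bulk_endpoints(intf, &in, &out);
    if (ret)
        return ret;                 /* refuse the device at probe time */
    *rx_ep = in->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK;
    *tx_ep = out->bEndpointAddress & USB_ENDPOINT_NUMBER_MASK;
    return 0;
}

/* Constructed sample descriptors (not captured from real hardware). */
static const struct usb_endpoint_descriptor good_eps[] = {
    { 0x81, USB_ENDPOINT_XFER_BULK, 512 },   /* EP1 IN,  bulk */
    { 0x02, USB_ENDPOINT_XFER_BULK, 512 },   /* EP2 OUT, bulk */
    { 0x83, USB_ENDPOINT_XFER_INT,   16 },   /* EP3 IN,  interrupt */
};
static const struct usb_endpoint_descriptor hostile_eps[] = {
    { 0x81, USB_ENDPOINT_XFER_INT,   16 },   /* interrupt IN only */
    { 0x82, USB_ENDPOINT_XFER_BULK, 512 },   /* bulk IN, but no bulk OUT */
};
const struct usb_interface_model good_intf    = { good_eps, 3 };
const struct usb_interface_model hostile_intf = { hostile_eps, 2 };
const struct usb_interface_model empty_intf   = { NULL, 0 };

int main(void)
{
    const struct usb_interface_model *devs[] = { &good_intf, &hostile_intf, &empty_intf };
    const char *names[] = { "well-formed", "hostile (no bulk OUT)", "no endpoints" };
    for (int i = 0; i < 3; i++) {
        uint8_t rx = 0, tx = 0;
        int ret = driver_bind(devs[i], &rx, &tx);
        if (ret == 0)
            printf("%s: bound, rx ep %u, tx ep %u\n", names[i], rx, tx);
        else
            printf("%s: rejected at bind (%d)\n", names[i], ret);
    }
    return 0;
}
```

The point of the structure is that the only place endpoint pointers are dereferenced is after find_bulk_endpoints() has returned 0, so a device that advertises the right IDs but the wrong endpoints is rejected at bind time instead of crashing the kernel on first use.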
Affected products
10 CPE entries:
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* (range: >=3.0.1, <5.10.253)
- cpe:2.3:o:linux:linux_kernel:3.0:-:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
- (no CPE)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8 references:
- git.kernel.org/stable/c/011684cd18349aa4c52167c8ac37a0524169f48c (NVD: Patch)
- git.kernel.org/stable/c/12c0243de0aee0ab27cc00932fd5edae65c1e3a2 (NVD: Patch)
- git.kernel.org/stable/c/185050b47df3d41e49f20ad01beea2e7b9cddaa7 (NVD: Patch)
- git.kernel.org/stable/c/28a380bfa5bc7f6a9380b85e8eab919ee6ac1701 (NVD: Patch)
- git.kernel.org/stable/c/51c20ea5f1555a984c041b0dbf56f00d41b9e652 (NVD: Patch)
- git.kernel.org/stable/c/7bfda1a0be4caec3263753d567678451cef73a85 (NVD: Patch)
- git.kernel.org/stable/c/c58b6c29a4c9b8125e8ad3bca0637e00b71e2693 (NVD: Patch)
- git.kernel.org/stable/c/ff675bc5b3e8c356f9d993d65d0bae6ed0dc7459 (NVD: Patch)
News mentions
No linked articles in our index yet.