VDB
CVE-2026-31615
CVE-2026-31615
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesas_usb3: validate endpoint index in standard request handlers The GET_STATUS and SET/CLEAR_FEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by validating the number of endpoints actually match up with the number the device has before attempting to dereference a pointer based on this math. This is just like what was done in commit ee0d382feb44 ("usb: gadget: aspeed_udc: validate endpoint index for ast udc") for the aspeed driver.
EPSS 0.02% · 5.5th percentile
Risk Scores
EPSS Score
0.02%
5.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| linux | linux_kernel | 0, 0, 0 |
| Linux | Linux | *, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
Timeline
- Apr 24, 2026 CVE Published
- Apr 24, 2026 Security Advisory
- Apr 27, 2026 Security Advisory
- Apr 28, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
References
- https://git.kernel.org/stable/c/adb8014599fdf0818d3d93f1f74e06cd0bdec08d url
- https://git.kernel.org/stable/c/44216e3dd4455b798899b50eedb0ec3831dff8e0 url
- https://git.kernel.org/stable/c/37f430b2240655e6b0199a92aa1057e4d621be51 url
- https://git.kernel.org/stable/c/e3d42598f2995cdc07b7779874e7c5f8a1b773db url
- https://nvd.nist.gov/vuln/detail/CVE-2026-31615 advisory
- https://lists.debian.org/debian-security-announce/2026/msg00154.html advisory
- https://lists.debian.org/debian-security-announce/2026/msg00148.html advisory