DEBIAN-CVE-2026-23312

DEBIAN-CVE-2026-23312 PUBLISHED CVSS 8.699999809265137 HIGH

In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: validate USB endpoints The kaweth driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints.

Risk Scores

CVSS 4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:13	linux	6.12.74-2, *, 6.12.85-1
Debian:14	linux	6.18.15-1, 6.18.14-1, 6.18.13-1
Debian:11	linux-6.1	6.1.164-1, 0, 6.1.106-3
Debian:12	linux	6.1.106-1, *, 6.1.99-1
Debian:11	linux	6.1.55-1, 6.1.55-1, 6.1.64-1

Exploit Intelligence

4593.2.0.yml (github-poc)
4628.1.0.yml (github-poc)
2026-05-06_426_linux-signed-amd64.yaml (github-poc)

Timeline

Mar 25, 2026 CVE Published
May 2, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-23312 advisory

Open in Interactive Console →