VDB

DEBIAN-CVE-2026-23365

DEBIAN-CVE-2026-23365 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: net: usb: kalmia: validate USB endpoints The kalmia driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Debian:12linux6.19~rc6-1~exp1, 6.3.1-1~exp1, 6.3.2-1~exp1
Debian:13linux0, 6.12.38-1, 6.12.41-1
Debian:14linux6.18.8-1, 6.12.38-1, 6.12.43-1
Debian:11linux-6.10, 6.1.106-3, 6.1.106-3
Debian:11linux6.1.38-4, 6.1.38-4, 6.1.4-1

Exploit Intelligence

Timeline

  • Mar 25, 2026 CVE Published
  • May 2, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›