CVE-2026-31615

MEDIUM EPSS 2.6%
Published Apr 24, 20262mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Apr 24, 2026 2mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesas_usb3: validate endpoint index in standard request handlers The GET_STATUS and SET/CLEAR_FEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by validating the number of endpoints actually match up with the number the device has before attempting to dereference a pointer based on this math. This is just like what was done in commit ee0d382feb44 ("usb: gadget: aspeed_udc: validate endpoint index for ast udc") for the aspeed driver.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥4.5  –  <6.6.136
linuxlinux_kernel*≥6.12  –  <6.12.83
linuxlinux_kernel*≥6.13  –  <6.18.24
linuxlinux_kernel*≥6.19  –  <6.19.14
linuxlinux_kernel*≥7.0  –  <7.0.1

References 9

  • git.kernel.org https://git.kernel.org/stable/c/1b2bfedccc4fb8c9572e1ea464f905424c91de2a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/360aa6e71870a175a6d86af905be2ca171639eb3
  • git.kernel.org https://git.kernel.org/stable/c/37f430b2240655e6b0199a92aa1057e4d621be51
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/44216e3dd4455b798899b50eedb0ec3831dff8e0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7caaf76207f50c77abfd788380e19b2c23a94415
  • git.kernel.org https://git.kernel.org/stable/c/adb8014599fdf0818d3d93f1f74e06cd0bdec08d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c4e5ae6db2328d2d9ed55d3005a36c13faab0752
  • git.kernel.org https://git.kernel.org/stable/c/e3d42598f2995cdc07b7779874e7c5f8a1b773db
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f880aac8a57ebd92abfa685d45424b2998ac1059
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1b2bfedccc4fb8c9572e1ea464f905424c91de2a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/37f430b2240655e6b0199a92aa1057e4d621be51
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/44216e3dd4455b798899b50eedb0ec3831dff8e0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/adb8014599fdf0818d3d93f1f74e06cd0bdec08d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e3d42598f2995cdc07b7779874e7c5f8a1b773db
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f880aac8a57ebd92abfa685d45424b2998ac1059
    Patch