CVE-2026-45923

NONE EPSS 5.6%
Published May 27, 2026 1mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved:

net: usb: catc: enable basic endpoint checking

catc_probe() fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors:

- usb_sndbulkpipe(usbdev, 1) and usb_rcvbulkpipe(usbdev, 1) for TX/RX
- usb_rcvintpipe(usbdev, 2) for interrupt status

A malformed USB device can present these endpoints with transfer types that differ from what the driver assumes.

Add a catc_usb_ep enum for endpoint numbers, replacing magic constants throughout. Add usb_check_bulk_endpoints() and usb_check_int_endpoints() calls after usb_set_interface() to verify endpoint types before use, rejecting devices with mismatched descriptors at probe time.

Similar to

- commit 90b7f2961798 ("net: usb: rtl8150: enable basic endpoint checking")

which fixed the issue in rtl8150.
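The probe-time check described above, as a userspace model added here for illustration; it is not the kernel patch or the driver's code. The struct, the enum names and the sample descriptor sets are assumptions (the page names the catc_usb_ep enum but not its members); the endpoint numbers and directions come from the description.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Endpoint descriptor bit fields as defined by the USB specification. */
#define EP_DIR_IN    0x80  /* bEndpointAddress bit 7: device-to-host */
#define EP_XFER_MASK 0x03  /* bmAttributes bits 1..0: transfer type */
#define EP_XFER_BULK 0x02
#define EP_XFER_INT  0x03

struct ep_desc { uint8_t bEndpointAddress; uint8_t bmAttributes; };

/* Hypothetical member names standing in for the patch's catc_usb_ep enum. */
enum model_ep { MODEL_EP_BULK = 1, MODEL_EP_INT_IN = 2 };

/* True only if an endpoint with this exact address also has the expected type. */
static bool has_ep(const struct ep_desc *eps, size_t n, uint8_t addr, uint8_t type)
{
    for (size_t i = 0; i < n; i++)
        if (eps[i].bEndpointAddress == addr &&
            (eps[i].bmAttributes & EP_XFER_MASK) == type)
            return true;
    return false;
}

/* Probe-time gate: 0 accepts the device, -1 rejects it before any URB is filled. */
int model_probe_check(const struct ep_desc *eps, size_t n)
{
    if (!has_ep(eps, n, MODEL_EP_BULK, EP_XFER_BULK) ||              /* TX: bulk OUT 1 */
        !has_ep(eps, n, MODEL_EP_BULK | EP_DIR_IN, EP_XFER_BULK) ||  /* RX: bulk IN 1 */
        !has_ep(eps, n, MODEL_EP_INT_IN | EP_DIR_IN, EP_XFER_INT))   /* status: int IN 2 */
        return -1;
    return 0;
}

/* Constructed sample descriptor sets: {bEndpointAddress, bmAttributes}. */
static const struct ep_desc good_dev[]    = { {0x01, 0x02}, {0x81, 0x02}, {0x82, 0x03} };
static const struct ep_desc bad_dev[]     = { {0x01, 0x02}, {0x81, 0x03}, {0x82, 0x02} };
static const struct ep_desc missing_dev[] = { {0x01, 0x02}, {0x81, 0x02} };

int main(void)
{
    printf("well-formed:      %d\n", model_probe_check(good_dev, 3));
    printf("mismatched types: %d\n", model_probe_check(bad_dev, 3));
    printf("missing int ep:   %d\n", model_probe_check(missing_dev, 2));
    return 0;
}
```

The second sample has the right endpoint addresses but swapped transfer types, which is the case a driver using hardcoded pipes would not notice.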

Threat Intelligence

EPSS Exploit Probability
5.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 7

  • git.kernel.org https://git.kernel.org/stable/c/163d04897e57633c5d2e69734e4e4b22bb63f50d
  • git.kernel.org https://git.kernel.org/stable/c/1a42cfced8900d33d032c7ec338484855b61b8cc
  • git.kernel.org https://git.kernel.org/stable/c/36c28b028efba0f42218d41fed12c47ce217c1f1
  • git.kernel.org https://git.kernel.org/stable/c/9e7021d2aeae57c323a6f722ed7915686cdcc123
  • git.kernel.org https://git.kernel.org/stable/c/a488001a8197da4f9c413eec8f6acbff71c60145
  • git.kernel.org https://git.kernel.org/stable/c/ac7739b78ded519e1d9919a814da3b34120bec8c
  • git.kernel.org https://git.kernel.org/stable/c/eade522d3e6ac3f3bfb51bfa5b5b4b32bd0b846f

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.