CVE-2026-45923 in Linuxthông tin

Tóm tắt

Bởi MITRE • 27/05/2026

In the Linux kernel, the following vulnerability has been resolved:

net: usb: catc: enable basic endpoint checking

catc_probe() fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors:

- usb_sndbulkpipe(usbdev, 1) and usb_rcvbulkpipe(usbdev, 1) for TX/RX - usb_rcvintpipe(usbdev, 2) for interrupt status

A malformed USB device can present these endpoints with transfer types that differ from what the driver assumes.

Add a catc_usb_ep enum for endpoint numbers, replacing magic constants throughout. Add usb_check_bulk_endpoints() and usb_check_int_endpoints() calls after usb_set_interface() to verify endpoint types before use, rejecting devices with mismatched descriptors at probe time.

Similar to - commit 90b7f2961798 ("net: usb: rtl8150: enable basic endpoint checking") which fixed the issue in rtl8150.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

chịu trách nhiệm

Linux

Đặt trước

13/05/2026

Tiết lộ

27/05/2026

Kiểm duyệt

được chấp nhận

mục

VDB-366137

CPE

sẵn sàng

CWE

Không xác định

CVSS

4.6 (VulDB)

EPSS

0.00032

KEV

không

Các hoạt động

thấp

ngành

Agriculture, Finance, ...

Nguồn

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-45923
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-45923
CVE Details	https://www.cvedetails.com/cve/CVE-2026-45923/

◂ Trước Tổng Quan Tiếp theo ▸

Interested in the pricing of exploits?

See the underground prices here!