{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23365", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.002Z", "datePublished": "2026-03-25T10:27:47.609Z", "dateUpdated": "2026-03-25T10:27:47.609Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:47.609Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: kalmia: validate USB endpoints\n\nThe kalmia driver should validate that the device it is probing has the\nproper number and types of USB endpoints it is expecting before it binds\nto it. If a malicious device were to not have the same urbs the driver\nwill crash later on when it blindly accesses these endpoints."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/kalmia.c"], "versions": [{"version": "d40261236e8e278cb1936cb5e934262971692b10", "lessThan": "28a380bfa5bc7f6a9380b85e8eab919ee6ac1701", "status": "affected", "versionType": "git"}, {"version": "d40261236e8e278cb1936cb5e934262971692b10", "lessThan": "12c0243de0aee0ab27cc00932fd5edae65c1e3a2", "status": "affected", "versionType": "git"}, {"version": "d40261236e8e278cb1936cb5e934262971692b10", "lessThan": "51c20ea5f1555a984c041b0dbf56f00d41b9e652", "status": "affected", "versionType": "git"}, {"version": "d40261236e8e278cb1936cb5e934262971692b10", "lessThan": "011684cd18349aa4c52167c8ac37a0524169f48c", "status": "affected", "versionType": "git"}, {"version": "d40261236e8e278cb1936cb5e934262971692b10", "lessThan": "7bfda1a0be4caec3263753d567678451cef73a85", "status": "affected", "versionType": "git"}, {"version": "d40261236e8e278cb1936cb5e934262971692b10", "lessThan": "c58b6c29a4c9b8125e8ad3bca0637e00b71e2693", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/kalmia.c"], "versions": [{"version": "3.0", "status": "affected"}, {"version": "0", "lessThan": "3.0", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/28a380bfa5bc7f6a9380b85e8eab919ee6ac1701"}, {"url": "https://git.kernel.org/stable/c/12c0243de0aee0ab27cc00932fd5edae65c1e3a2"}, {"url": "https://git.kernel.org/stable/c/51c20ea5f1555a984c041b0dbf56f00d41b9e652"}, {"url": "https://git.kernel.org/stable/c/011684cd18349aa4c52167c8ac37a0524169f48c"}, {"url": "https://git.kernel.org/stable/c/7bfda1a0be4caec3263753d567678451cef73a85"}, {"url": "https://git.kernel.org/stable/c/c58b6c29a4c9b8125e8ad3bca0637e00b71e2693"}], "title": "net: usb: kalmia: validate USB endpoints", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: kalmia: validate USB endpoints\n\nThe kalmia driver should validate that the device it is probing has the\nproper number and types of USB endpoints it is expecting before it binds\nto it. If a malicious device were to not have the same urbs the driver\nwill crash later on when it blindly accesses these endpoints."}], "id": "CVE-2026-23365", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:35.710", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/011684cd18349aa4c52167c8ac37a0524169f48c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/12c0243de0aee0ab27cc00932fd5edae65c1e3a2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/28a380bfa5bc7f6a9380b85e8eab919ee6ac1701"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/51c20ea5f1555a984c041b0dbf56f00d41b9e652"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7bfda1a0be4caec3263753d567678451cef73a85"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c58b6c29a4c9b8125e8ad3bca0637e00b71e2693"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net: usb: kalmia: validate USB endpoints", "id": "2451238", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451238"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1287", "details": ["A flaw was found in the Linux kernel's kalmia USB driver. This vulnerability occurs because the driver does not properly validate the number and types of USB endpoints when a device is connected. A local attacker with a specially crafted malicious USB device could exploit this flaw, causing the kalmia driver to crash. This leads to a Denial of Service (DoS) on the affected system."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent the kalmia module from being loaded. See https://access.redhat.com/solutions/41278 for instructions."}, "name": "CVE-2026-23365", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23365\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23365\nhttps://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23365-76d3@gregkh/T"], "statement": "This flaw affects systems with the kalmia USB modem driver loaded. The missing endpoint validation allows a malicious USB device to cause a crash when the driver blindly accesses expected endpoints that don't exist. Physical access to connect a USB device is required. The kalmia driver is for Samsung Kalmia-based LTE modems.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d40261236e8e278cb1936cb5e934262971692b10,28a380bfa5bc7f6a9380b85e8eab919ee6ac1701)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d40261236e8e278cb1936cb5e934262971692b10,12c0243de0aee0ab27cc00932fd5edae65c1e3a2)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d40261236e8e278cb1936cb5e934262971692b10,51c20ea5f1555a984c041b0dbf56f00d41b9e652)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d40261236e8e278cb1936cb5e934262971692b10,011684cd18349aa4c52167c8ac37a0524169f48c)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d40261236e8e278cb1936cb5e934262971692b10,7bfda1a0be4caec3263753d567678451cef73a85)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[d40261236e8e278cb1936cb5e934262971692b10,c58b6c29a4c9b8125e8ad3bca0637e00b71e2693)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,3.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.167,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.130,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.77,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0-rc2,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-03-26T03:31:54.556906+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that includes the kalmia endpoint validation fix.", "If a kernel update is not immediately possible, unload or disable the kalmia driver by preventing it from binding to devices (e.g., using modprobe blacklist or kernel command line options).", "Verify that no untrusted USB devices are connected during kernel operation, and consider using USB device filtering or restriction mechanisms.", "Monitor kernel logs for related crash messages to detect attempted exploitation."], "summary": {"action": "Apply Patch", "impact": "Denial of Service (kernel crash)"}, "threat_synthesis": {"affected_systems": "All Linux kernel installations that include the kalmia driver are affected. The vulnerability is present in every kernel release before the fix is applied, regardless of distribution. No specific version range is provided; therefore any host running an unpatched kernel is vulnerable.", "description_and_impact": "The kalmia USB driver in the Linux kernel does not verify that the device it binds to has the expected number and types of USB endpoints. The lack of validation results in dereferencing invalid endpoint references once the device is considered bound, causing the driver to crash the kernel. This leads to a denial of service on the host and may allow an attacker with access to the device to disrupt system availability. The weakness is classified under CWE\u201120 (Improper Input Validation) and CWE\u20111287 (Use of Undefined or Uninitialized Data).", "risk_and_exploitability": "The CVSS base score of 5.5 indicates a moderate risk, and the EPSS score of under 1% suggests a low probability of active exploitation. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to connect a malicious USB device to the target machine, which implies physical or local access. Once the device is attached, the driver\u2019s unchecked dereference will bring the kernel down, causing a crash. Because the flaw is limited to the kernel driver, privilege escalation is not directly achieved; however, the denial of service can be a stepping stone for further attacks."}}}}, "created": "2026-03-25T21:31:50.680936+00:00", "updated": "2026-03-26T12:15:53.472111+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}