{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23365", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.002Z", "datePublished": "2026-03-25T10:27:47.609Z", "dateUpdated": "2026-03-25T10:27:47.609Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:47.609Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: kalmia: validate USB endpoints\n\nThe kalmia driver should validate that the device it is probing has the\nproper number and types of USB endpoints it is expecting before it binds\nto it. If a malicious device were to not have the same urbs the driver\nwill crash later on when it blindly accesses these endpoints."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/kalmia.c"], "versions": [{"version": "d40261236e8e278cb1936cb5e934262971692b10", "lessThan": "28a380bfa5bc7f6a9380b85e8eab919ee6ac1701", "status": "affected", "versionType": "git"}, {"version": "d40261236e8e278cb1936cb5e934262971692b10", "lessThan": "12c0243de0aee0ab27cc00932fd5edae65c1e3a2", "status": "affected", "versionType": "git"}, {"version": "d40261236e8e278cb1936cb5e934262971692b10", "lessThan": "51c20ea5f1555a984c041b0dbf56f00d41b9e652", "status": "affected", "versionType": "git"}, {"version": "d40261236e8e278cb1936cb5e934262971692b10", "lessThan": "011684cd18349aa4c52167c8ac37a0524169f48c", "status": "affected", "versionType": "git"}, {"version": "d40261236e8e278cb1936cb5e934262971692b10", "lessThan": "7bfda1a0be4caec3263753d567678451cef73a85", "status": "affected", "versionType": "git"}, {"version": "d40261236e8e278cb1936cb5e934262971692b10", "lessThan": "c58b6c29a4c9b8125e8ad3bca0637e00b71e2693", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/kalmia.c"], "versions": [{"version": "3.0", "status": "affected"}, {"version": "0", "lessThan": "3.0", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/28a380bfa5bc7f6a9380b85e8eab919ee6ac1701"}, {"url": "https://git.kernel.org/stable/c/12c0243de0aee0ab27cc00932fd5edae65c1e3a2"}, {"url": "https://git.kernel.org/stable/c/51c20ea5f1555a984c041b0dbf56f00d41b9e652"}, {"url": "https://git.kernel.org/stable/c/011684cd18349aa4c52167c8ac37a0524169f48c"}, {"url": "https://git.kernel.org/stable/c/7bfda1a0be4caec3263753d567678451cef73a85"}, {"url": "https://git.kernel.org/stable/c/c58b6c29a4c9b8125e8ad3bca0637e00b71e2693"}], "title": "net: usb: kalmia: validate USB endpoints", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: kalmia: validate USB endpoints\n\nThe kalmia driver should validate that the device it is probing has the\nproper number and types of USB endpoints it is expecting before it binds\nto it. If a malicious device were to not have the same urbs the driver\nwill crash later on when it blindly accesses these endpoints."}], "id": "CVE-2026-23365", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:35.710", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/011684cd18349aa4c52167c8ac37a0524169f48c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/12c0243de0aee0ab27cc00932fd5edae65c1e3a2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/28a380bfa5bc7f6a9380b85e8eab919ee6ac1701"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/51c20ea5f1555a984c041b0dbf56f00d41b9e652"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7bfda1a0be4caec3263753d567678451cef73a85"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c58b6c29a4c9b8125e8ad3bca0637e00b71e2693"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net: usb: kalmia: validate USB endpoints", "id": "2451238", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451238"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1287", "details": ["A flaw was found in the Linux kernel's kalmia USB driver. This vulnerability occurs because the driver does not properly validate the number and types of USB endpoints when a device is connected. A local attacker with a specially crafted malicious USB device could exploit this flaw, causing the kalmia driver to crash. This leads to a Denial of Service (DoS) on the affected system."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent the kalmia module from being loaded. See https://access.redhat.com/solutions/41278 for instructions."}, "name": "CVE-2026-23365", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23365\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23365\nhttps://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23365-76d3@gregkh/T"], "statement": "This flaw affects systems with the kalmia USB modem driver loaded. The missing endpoint validation allows a malicious USB device to cause a crash when the driver blindly accesses expected endpoints that don't exist. Physical access to connect a USB device is required. The kalmia driver is for Samsung Kalmia-based LTE modems.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-03-25T11:58:45.678267+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that includes the kalmia driver patch"], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "All Linux kernel implementations that include the kalmia driver are impacted, until the kernel is updated with the patch that enforces endpoint validation. The specific kernel versions affected are not enumerated in the available data, so any installation containing the older kalmia driver code is potentially vulnerable.", "description_and_impact": "The kalmia USB driver in the Linux kernel mistakenly accepts devices without validating the number and types of USB endpoints. When a device lacking the expected endpoints causes the driver to access undefined entries, the kernel crashes. This leads to a denial of service rather than remote code execution, as the crash occurs when the driver interacts with the malfunctioning device. The vulnerability hinges on improper input validation.", "risk_and_exploitability": "The lack of input checks makes the flaw easy to trigger if an attacker can present a malicious USB device to a Linux host. The attack vector is therefore local or physically connected devices, as the attacker must supply the counterfeit hardware. While the fix addresses a crash that could compromise availability, no evidence of remote exploitation or privilege escalation exists. The EPSS score is not reported, and the vulnerability is not listed in CISA\u2019s KEV catalog, suggesting moderate awareness. The overall risk is significant because an otherwise legitimate host can be forced to reboot or become unresponsive, impacting uptime and availability."}}}}, "created": "2026-03-25T21:31:50.680936+00:00", "updated": "2026-03-25T21:31:50.680961+00:00", "vendors": [], "weaknesses": ["CWE-20"]}