CVE-2026-45923
Status: Awaiting Analysis
USB Endpoint Type Mismatch in Linux Kernel

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

net: usb: catc: enable basic endpoint checking

catc_probe() fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors:

  • usb_sndbulkpipe(usbdev, 1) and usb_rcvbulkpipe(usbdev, 1) for TX/RX
  • usb_rcvintpipe(usbdev, 2) for interrupt status

A malformed USB device can present these endpoints with transfer types that differ from what the driver assumes.

Add a catc_usb_ep enum for endpoint numbers, replacing magic constants throughout. Add usb_check_bulk_endpoints() and usb_check_int_endpoints() calls after usb_set_interface() to verify endpoint types before use, rejecting devices with mismatched descriptors at probe time.

Similar to commit 90b7f2961798 ("net: usb: rtl8150: enable basic endpoint checking"), which fixed the issue in rtl8150.
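As an added illustration (not the kernel's code and not the catc commit itself), the C model below reproduces the probe-time rule the fix enforces: every endpoint address the driver hard-codes must exist in the interface with the expected transfer type, otherwise the device is rejected. The ep_desc struct, check_endpoints(), catc_endpoints_ok() and the descriptor sets are constructed for this example; the kernel's usb_check_bulk_endpoints() and usb_check_int_endpoints() take a struct usb_interface instead of a flat array.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of a USB endpoint descriptor, keeping only the two
 * fields the probe-time check needs: bEndpointAddress and bmAttributes. */
struct ep_desc {
    uint8_t addr;   /* bit 7 = direction (1 = IN), bits 0-3 = endpoint number */
    uint8_t attrs;  /* bits 0-1 = transfer type */
};

enum { XFER_CONTROL = 0, XFER_ISOC = 1, XFER_BULK = 2, XFER_INT = 3 };
#define USB_DIR_IN 0x80

/* Hypothetical stand-in for usb_check_*_endpoints(): each address in the
 * 0-terminated list addrs must be present in eps[] with transfer type xfer. */
static bool check_endpoints(const struct ep_desc *eps, size_t n,
                            const uint8_t *addrs, uint8_t xfer)
{
    for (; *addrs; addrs++) {
        bool ok = false;
        for (size_t i = 0; i < n; i++) {
            if (eps[i].addr == *addrs) {
                ok = (eps[i].attrs & 0x03) == xfer;
                break;
            }
        }
        if (!ok)               /* missing endpoint or wrong type: reject */
            return false;
    }
    return true;
}

/* The assumption catc_probe() bakes into its pipes: endpoint 1 is bulk in
 * both directions and endpoint 2 is an interrupt IN endpoint. A device that
 * violates this must fail probe instead of receiving URBs. */
static bool catc_endpoints_ok(const struct ep_desc *eps, size_t n)
{
    static const uint8_t bulk_addrs[] = { 0x01, USB_DIR_IN | 0x01, 0 };
    static const uint8_t int_addrs[]  = { USB_DIR_IN | 0x02, 0 };
    return check_endpoints(eps, n, bulk_addrs, XFER_BULK) &&
           check_endpoints(eps, n, int_addrs, XFER_INT);
}

/* Constructed descriptor sets: a well-formed device, and one whose status
 * endpoint is declared isochronous instead of interrupt. */
static const struct ep_desc good_eps[] = { {0x01, XFER_BULK}, {0x81, XFER_BULK}, {0x82, XFER_INT} };
static const struct ep_desc bad_eps[]  = { {0x01, XFER_BULK}, {0x81, XFER_BULK}, {0x82, XFER_ISOC} };
```

Passing only the first two descriptors of good_eps models a device that omits the interrupt endpoint entirely, which the check also rejects.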
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS evaluated: 2026-06-15
Affected Vendors & Products (1 associated CPE)
Vendor   Product        Version / Range
linux    linux_kernel   *
CWE: CWE-UNKNOWN
AI Quick Actions
Executive Summary

This vulnerability exists in the Linux kernel's catc USB network driver. The catc_probe() function fills three USB Request Blocks (URBs) with hardcoded endpoint pipes (bulk OUT and bulk IN on endpoint 1, interrupt IN on endpoint 2) without verifying the endpoint descriptors the USB device actually presents.

A malformed USB device can therefore declare those endpoints with transfer types that differ from what the driver assumes, and the driver will still submit its bulk and interrupt URBs to them.

The fix adds an enumeration for the endpoint numbers to replace the magic constants, and calls usb_check_bulk_endpoints() and usb_check_int_endpoints() after usb_set_interface() to verify that each endpoint has the expected transfer type before it is used, rejecting devices with mismatched descriptors at probe time.

Impact Analysis

If exploited, a malformed USB device could make the driver operate on endpoints whose transfer types differ from the ones it assumes. The advisory describes the consequence as incorrect driver behavior, with data corruption or denial of service as the potential security impact; no further impact is stated.

Mitigation Strategies

The vulnerability is resolved by enabling basic endpoint checking in the catc USB driver in the Linux kernel.

To mitigate it, update to a Linux kernel version that includes the fix, which verifies endpoint types after usb_set_interface() and rejects devices with mismatched descriptors at probe time.

Detection Guidance

This vulnerability concerns the Linux kernel's catc USB driver accepting malformed USB devices whose endpoint descriptors declare transfer types that differ from what the driver expects.

Detection therefore amounts to checking the endpoint descriptors of attached USB devices against the transfer types the catc driver assumes.

Because the issue is an endpoint descriptor mismatch, connected USB devices and their endpoint descriptors can be inspected with the standard Linux USB tools.

  • Use `lsusb -v` to list detailed USB device descriptors; each endpoint is shown with its bEndpointAddress and bmAttributes (Transfer Type).
  • Look specifically for devices bound to the catc driver and check that endpoint 1 is bulk (IN and OUT) and endpoint 2 is interrupt IN.
  • `usb-devices` also reports endpoint information.
  • No single command is provided here that detects the condition automatically; manual comparison of the endpoint descriptors against the expected types is the suggested approach.