CVE-2026-45923
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel within the USB catc module, due to a lack of endpoint descriptor verification. As a result, malformed USB devices can present incorrect transfer types, potentially leading to unexpected behavior.
Risk Assessment
Organizations may be exposed to attacks using malformed USB devices, which could lead to unauthorized access or system instability. In particular, devices with mismatched descriptors may cause communication issues.
Recommendation
It is recommended to update the Linux kernel to a version that includes fixes for this vulnerability. Additionally, monitor connected USB devices and verify their compliance with system requirements.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking catc_probe() fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usb_sndbulkpipe(usbdev, 1) and usb_rcvbulkpipe(usbdev, 1) for TX/RX - usb_rcvintpipe(usbdev, 2) for interrupt status A malformed USB device can present these endpoints with transfer types that differ from what the driver assumes. Add a catc_usb_ep enum for endpoint numbers, replacing magic constants throughout. Add usb_check_bulk_endpoints() and usb_check_int_endpoints() calls after usb_set_interface() to verify endpoint types before use, rejecting devices with mismatched descriptors at probe time. Similar to - commit 90b7f2961798 ("net: usb: rtl8150: enable basic endpoint checking") which fixed the issue in rtl8150.

