PatchSiren cyber security CVE debrief
CVE-2026-23365 Linux CVE debrief
The Linux kernel has a vulnerability in the net: usb: kalmia module. The kalmia driver does not validate the USB endpoints of a device before binding to it, which can cause a crash if a malicious device is used. This vulnerability has been resolved by adding endpoint validation. Affected users should validate their systems and apply patches if necessary. The vulnerability requires a malicious device to be connected to the system, and the impact is considered medium priority.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-25
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-03-25
- Advisory updated
- 2026-07-14
Who should care
Users of Linux kernel versions 3.0.1 to 6.19.7, and 7.0 rc1 to rc7, should validate their systems for this vulnerability and apply patches if necessary. System administrators and security teams responsible for Linux-based systems should review their deployments and ensure that necessary mitigations are in place. This vulnerability may impact system stability and security if not properly addressed.
Technical summary
The kalmia driver in the Linux kernel does not validate the number and types of USB endpoints of a device before binding to it. This can lead to a crash if a malicious device with a different number or type of endpoints is used. The vulnerability has been resolved by adding endpoint validation to the kalmia driver. Affected Linux kernel versions include 3.0.1 to 6.19.7, and 7.0 rc1 to rc7. Users should review their system configurations and apply patches to fix the vulnerability.
Defensive priority
Medium priority, as the vulnerability requires a malicious device to be connected to the system.
Recommended defensive actions
- Validate the USB endpoints of devices before binding to them
- Apply patches to the Linux kernel to fix the vulnerability
- Monitor systems for potential crashes or issues with USB devices
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The vulnerability was resolved by adding endpoint validation to the kalmia driver. The Linux kernel versions 3.0.1 to 6.19.7, and 7.0 rc1 to rc7, are affected. Further verification is needed to confirm the scope of affected deployments and to apply patches or mitigations as necessary. Evidence limits suggest that additional details may be required to fully understand the vulnerability and its impact.
Official resources
-
CVE-2026-23365 CVE record
CVE.org
-
CVE-2026-23365 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-25T11:16:35.710Z and has not been modified since then. The NVD entry is currently Modified.