PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23365 Linux CVE debrief

The Linux kernel has a vulnerability in the net: usb: kalmia module. The kalmia driver does not validate the USB endpoints of a device before binding to it, which can cause a crash if a malicious device is used. This vulnerability has been resolved by adding endpoint validation. Affected users should validate their systems and apply patches if necessary. The vulnerability requires a malicious device to be connected to the system, and the impact is considered medium priority.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-25
Original CVE updated
2026-07-14
Advisory published
2026-03-25
Advisory updated
2026-07-14

Who should care

Users of Linux kernel versions 3.0.1 to 6.19.7, and 7.0 rc1 to rc7, should validate their systems for this vulnerability and apply patches if necessary. System administrators and security teams responsible for Linux-based systems should review their deployments and ensure that necessary mitigations are in place. This vulnerability may impact system stability and security if not properly addressed.

Technical summary

The kalmia driver in the Linux kernel does not validate the number and types of USB endpoints of a device before binding to it. This can lead to a crash if a malicious device with a different number or type of endpoints is used. The vulnerability has been resolved by adding endpoint validation to the kalmia driver. Affected Linux kernel versions include 3.0.1 to 6.19.7, and 7.0 rc1 to rc7. Users should review their system configurations and apply patches to fix the vulnerability.

Defensive priority

Medium priority, as the vulnerability requires a malicious device to be connected to the system.

Recommended defensive actions

  • Validate the USB endpoints of devices before binding to them
  • Apply patches to the Linux kernel to fix the vulnerability
  • Monitor systems for potential crashes or issues with USB devices
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The vulnerability was resolved by adding endpoint validation to the kalmia driver. The Linux kernel versions 3.0.1 to 6.19.7, and 7.0 rc1 to rc7, are affected. Further verification is needed to confirm the scope of affected deployments and to apply patches or mitigations as necessary. Evidence limits suggest that additional details may be required to fully understand the vulnerability and its impact.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-25T11:16:35.710Z and has not been modified since then. The NVD entry is currently Modified.