CVE-2026-23009

EPSS 0.02%
Veröffentlicht 25.01.2026 14:36:22
Zuletzt bearbeitet 26.01.2026 15:03:33
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

xhci: sideband: don't dereference freed ring when removing sideband endpoint

xhci_sideband_remove_endpoint() incorrecly assumes that the endpoint is
running and has a valid transfer ring.

Lianqin reported a crash during suspend/wake-up stress testing, and
found the cause to be dereferencing a non-existing transfer ring
'ep->ring' during xhci_sideband_remove_endpoint().

The endpoint and its ring may be in unknown state if this function
is called after xHCI was reinitialized in resume (lost power), or if
device is being re-enumerated, disconnected or endpoint already dropped.

Fix this by both removing unnecessary ring access, and by checking
ep->ring exists before dereferencing it. Also make sure endpoint is
running before attempting to stop it.

Remove the xhci_initialize_ring_info() call during sideband endpoint
removal as is it only initializes ring structure enqueue, dequeue and
cycle state values to their starting values without changing actual
hardware enqueue, dequeue and cycle state. Leaving them out of sync
is worse than leaving it as it is. The endpoint will get freed in after
this in most usecases.

If the (audio) class driver want's to reuse the endpoint after offload
then it is up to the class driver to ensure endpoint is properly set up.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 34f6634dba87ef72b3c3a3a524be663adef7ab42

Version de66754e9f8029f8ae955a588959b99cab56b506

Status affected

Version < dd83dc1249737b837ac5d57c81f2b0977c613d9f

Version de66754e9f8029f8ae955a588959b99cab56b506

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.16

Status affected

Version < 6.16

Version 0

Status unaffected

Version <= 6.18.*

Version 6.18.7

Status unaffected

Version <= *

Version 6.19-rc6

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/34f6634dba87ef72b3c3a3a524be663adef7ab42

https://git.kernel.org/stable/c/dd83dc1249737b837ac5d57c81f2b0977c613d9f

https://nvd.nist.gov/vuln/detail/CVE-2026-23009

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23009

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23009

EUVD