Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesas_usb3: validate endpoint index in standard request handlers The GET_STATUS and SET/CLEAR_FEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of validation. Fix this up by validating the number of endpoints actually match up with the number the device has before attempting to dereference a pointer based on this math. This is just like what was done in commit ee0d382feb44 ("usb: gadget: aspeed_udc: validate endpoint index for ast udc") for the aspeed driver.

INFO

Published Date :

2026-04-24T14:42:34.806Z

Last Modified :

2026-04-27T13:56:53.705Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-31615 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31615.

URL Resource
https://git.kernel.org/stable/c/1b2bfedccc4fb8c9572e1ea464f905424c91de2a cve-icon cve-icon
https://git.kernel.org/stable/c/37f430b2240655e6b0199a92aa1057e4d621be51 cve-icon cve-icon
https://git.kernel.org/stable/c/44216e3dd4455b798899b50eedb0ec3831dff8e0 cve-icon cve-icon
https://git.kernel.org/stable/c/adb8014599fdf0818d3d93f1f74e06cd0bdec08d cve-icon cve-icon
https://git.kernel.org/stable/c/e3d42598f2995cdc07b7779874e7c5f8a1b773db cve-icon cve-icon
https://git.kernel.org/stable/c/f880aac8a57ebd92abfa685d45424b2998ac1059 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026042423-CVE-2026-31615-f19f@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-31615 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-31615 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact