CVE-2025-39760
Published: Sep 11, 2025
Modified: May 12, 2026
PUBLISHED
Description
In the Linux kernel, the following vulnerability has been resolved:

usb: core: config: Prevent OOB read in SS endpoint companion parsing

usb_parse_ss_endpoint_companion() checks descriptor type before length, enabling a potentially odd read outside of the buffer size. Fix this up by checking the size first before looking at any of the fields in the descriptor.
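The check order the description calls for, shown as an added example; it is not the kernel's code and does not come from this page. The function name, the struct, and the sample bytes are assumptions made for illustration, and the bLength test is an extra sanity check beyond what the description states.

```c
#include <stddef.h>
#include <stdint.h>

/* Values defined by the USB 3.x specification. */
#define DT_SS_ENDPOINT_COMP 0x30 /* bDescriptorType of the companion descriptor */
#define SS_EP_COMP_SIZE     6    /* its fixed length in bytes */

/* Hypothetical parsed form, for this illustration only. */
struct ss_ep_comp {
    uint8_t  max_burst;
    uint8_t  attributes;
    uint16_t bytes_per_interval;
};

/*
 * Parse a companion descriptor from the `size` bytes remaining at `buf`.
 * Returns 0 on success, -1 if the descriptor is absent or malformed.
 * `size` is tested first, so buf[1] (bDescriptorType) is never read when
 * fewer than SS_EP_COMP_SIZE bytes remain. With the two tests swapped,
 * size == 0 or size == 1 would read past the end of the buffer.
 */
int parse_ss_ep_comp(const uint8_t *buf, size_t size, struct ss_ep_comp *out)
{
    if (size < SS_EP_COMP_SIZE)          /* remaining length first */
        return -1;
    if (buf[0] < SS_EP_COMP_SIZE || buf[0] > size) /* extra: declared bLength */
        return -1;
    if (buf[1] != DT_SS_ENDPOINT_COMP)   /* only now the type byte */
        return -1;
    out->max_burst = buf[2];
    out->attributes = buf[3];
    out->bytes_per_interval = (uint16_t)(buf[4] | (buf[5] << 8)); /* little-endian */
    return 0;
}

/* Constructed sample: companion descriptor, burst 3, 1024 bytes per interval. */
static const uint8_t sample[] = { 0x06, 0x30, 0x03, 0x00, 0x00, 0x04 };

int main(void)
{
    struct ss_ep_comp c;
    /* The full descriptor parses; a 1-byte remainder is rejected up front. */
    int ok = parse_ss_ep_comp(sample, sizeof sample, &c) == 0 &&
             parse_ss_ep_comp(sample, 1, &c) == -1;
    return ok ? 0 : 1;
}
```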
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 842f16905dfc6743c1dd80c3d29b49ba3ab7f7c8 - < 5c3097ede7835d3caf6543eb70ff689af4550cd2; affected 842f16905dfc6743c1dd80c3d29b49ba3ab7f7c8 - < 058ad2b722812708fe90567875704ae36563e33b; affected 842f16905dfc6743c1dd80c3d29b49ba3ab7f7c8 - < b10e0f868067c6f25bbfabdcf3e1e6432c24ca55; affected 842f16905dfc6743c1dd80c3d29b49ba3ab7f7c8 - < 5badd56c711e2c8371d1670f9bd486697575423c; affected 842f16905dfc6743c1dd80c3d29b49ba3ab7f7c8 - < 9512510cee7d1becdb0e9413fdd3ab783e4e30ee; +3 more versions |
| Linux | Linux | affected 2.6.35; unaffected 0 - < 2.6.35; unaffected 5.10.241 - <= 5.10.\*; unaffected 5.15.190 - <= 5.15.\*; unaffected 6.1.149 - <= 6.1.\*; +5 more versions |