CVE-2025-39760

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The Linux kernel contains a flaw within the USB core configuration parsing process. Specifically, the usb parse ss endpoint companion() function did not properly validate the size of the descriptor before accessing its fields, potentially leading to an out-of-bounds read. The fix involves checking the descriptor size before accessing any of its fields.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.