{"id":"CVE-2025-39760","summary":"usb: core: config: Prevent OOB read in SS endpoint companion parsing","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: core: config: Prevent OOB read in SS endpoint companion parsing\n\nusb_parse_ss_endpoint_companion() checks descriptor type before length,\nenabling a potentially odd read outside of the buffer size.\n\nFix this up by checking the size first before looking at any of the\nfields in the descriptor.","modified":"2026-04-02T12:48:08.721041Z","published":"2025-09-11T16:52:29.045Z","related":["ALSA-2026:1661","ALSA-2026:1662","ALSA-2026:2212","ALSA-2026:4012","SUSE-SU-2025:03600-1","SUSE-SU-2025:03614-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:3751-1","SUSE-SU-2025:4057-1","SUSE-SU-2025:4132-1","SUSE-SU-2025:4141-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39760.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/058ad2b722812708fe90567875704ae36563e33b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4fe6f472f0beef4281e6f03bc38a910a33be663f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5badd56c711e2c8371d1670f9bd486697575423c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5c3097ede7835d3caf6543eb70ff689af4550cd2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9512510cee7d1becdb0e9413fdd3ab783e4e30ee"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9843bcb187cb933861f7805022e6873905f669e4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b10e0f868067c6f25bbfabdcf3e1e6432c24ca55"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cf16f408364efd8a68f39011a3b073c83a03612d"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39760.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-39760"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"842f16905dfc6743c1dd80c3d29b49ba3ab7f7c8"},{"fixed":"5c3097ede7835d3caf6543eb70ff689af4550cd2"},{"fixed":"058ad2b722812708fe90567875704ae36563e33b"},{"fixed":"b10e0f868067c6f25bbfabdcf3e1e6432c24ca55"},{"fixed":"5badd56c711e2c8371d1670f9bd486697575423c"},{"fixed":"9512510cee7d1becdb0e9413fdd3ab783e4e30ee"},{"fixed":"4fe6f472f0beef4281e6f03bc38a910a33be663f"},{"fixed":"9843bcb187cb933861f7805022e6873905f669e4"},{"fixed":"cf16f408364efd8a68f39011a3b073c83a03612d"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39760.json"}}],"schema_version":"1.7.5"}