In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usb_parse_ss_endpoint_companion() checks descriptor type before length, enabling a potentially odd read outside of the buffer size. Fix this up by checking the size first before looking at any of the fields in the descriptor.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2025091145-CVE-2025-39760-2d5f@gregkh/T
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:1661 https://access.redhat.com/errata/RHSA-2026:1661
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:1662 https://access.redhat.com/errata/RHSA-2026:1662
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:2212 https://access.redhat.com/errata/RHSA-2026:2212
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:2759 https://access.redhat.com/errata/RHSA-2026:2759
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:2766 https://access.redhat.com/errata/RHSA-2026:2766
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:3124 https://access.redhat.com/errata/RHSA-2026:3124
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2026:3268 https://access.redhat.com/errata/RHSA-2026:3268
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:3267 https://access.redhat.com/errata/RHSA-2026:3267
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:3277 https://access.redhat.com/errata/RHSA-2026:3277
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2026:3293 https://access.redhat.com/errata/RHSA-2026:3293
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:3358 https://access.redhat.com/errata/RHSA-2026:3358
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:3360 https://access.redhat.com/errata/RHSA-2026:3360
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2026:3375 https://access.redhat.com/errata/RHSA-2026:3375
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2026:3388 https://access.redhat.com/errata/RHSA-2026:3388
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2026:3634 https://access.redhat.com/errata/RHSA-2026:3634
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2026:3685 https://access.redhat.com/errata/RHSA-2026:3685
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:4012 https://access.redhat.com/errata/RHSA-2026:4012