Linux Kernel Vulnerability in xHCI Sideband Endpoint Management
CVE-2026-23009

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 January 2026

What is CVE-2026-23009?

A vulnerability exists within the Linux kernel related to improper management of xHCI sideband endpoints. The issue arises when the function xhci_sideband_remove_endpoint() makes incorrect assumptions about the state of the endpoint and its associated transfer ring. If called after reinitialization or during device disconnection or re-enumeration, this function may dereference a non-existent transfer ring, leading to a system crash during suspend/wake-up stress tests. The resolution involves validating the existence of the endpoint's ring before dereferencing it and ensuring that the endpoint is in an operational state prior to shutdown. Additionally, unnecessary calls to xhci_initialize_ring_info() during endpoint removal have been eliminated to avoid state inconsistencies that could further complicate proper endpoint management.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch