Commit 4b063c002ca7 for kernel

commit 4b063c002ca759d1b299988ee23f564c9609c875
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date:   Mon Feb 23 14:00:06 2026 +0100

    net: usb: kaweth: validate USB endpoints

    The kaweth driver should validate that the device it is probing has the
    proper number and types of USB endpoints it is expecting before it binds
    to it.  If a malicious device were to not have the same urbs the driver
    will crash later on when it blindly accesses these endpoints.

    Cc: stable <stable@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Reviewed-by: Simon Horman <horms@kernel.org>
    Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
    Link: https://patch.msgid.link/2026022305-substance-virtual-c728@gregkh
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/drivers/net/usb/kaweth.c b/drivers/net/usb/kaweth.c
index e01d14f6c366..cb2472b59e10 100644
--- a/drivers/net/usb/kaweth.c
+++ b/drivers/net/usb/kaweth.c
@@ -883,6 +883,13 @@ static int kaweth_probe(
 	const eth_addr_t bcast_addr = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
 	int result = 0;
 	int rv = -EIO;
+	static const u8 bulk_ep_addr[] = {
+		1 | USB_DIR_IN,
+		2 | USB_DIR_OUT,
+		0};
+	static const u8 int_ep_addr[] = {
+		3 | USB_DIR_IN,
+		0};

 	dev_dbg(dev,
 		"Kawasaki Device Probe (Device number:%d): 0x%4.4x:0x%4.4x:0x%4.4x\n",
@@ -896,6 +903,12 @@ static int kaweth_probe(
 		(int)udev->descriptor.bLength,
 		(int)udev->descriptor.bDescriptorType);

+	if (!usb_check_bulk_endpoints(intf, bulk_ep_addr) ||
+	    !usb_check_int_endpoints(intf, int_ep_addr)) {
+		dev_err(dev, "couldn't find required endpoints\n");
+		return -ENODEV;
+	}
+
 	netdev = alloc_etherdev(sizeof(*kaweth));
 	if (!netdev)
 		return -ENOMEM;