CVE-2026-23075

MEDIUM EPSS 2.4%
Published Feb 4, 20264mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 4, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In esd_usb_open(), the URBs for USB-in transfers are allocated, added to the dev->rx_submitted anchor and submitted. In the complete callback esd_usb_read_bulk_callback(), the URBs are processed and resubmitted. In esd_usb_close() the URBs are freed by calling usb_kill_anchored_urbs(&dev->rx_submitted). However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in esd_usb_close(). Fix the memory leak by anchoring the URB in the esd_usb_read_bulk_callback() to the dev->rx_submitted anchor.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel*≥2.6.36  –  <5.10.249
linuxlinux_kernel*≥5.11  –  <5.15.199
linuxlinux_kernel*≥5.16  –  <6.1.162
linuxlinux_kernel*≥6.2  –  <6.6.122
linuxlinux_kernel*≥6.7  –  <6.12.68
linuxlinux_kernel*≥6.13  –  <6.18.8
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/5a4391bdc6c8357242f62f22069c865b792406b3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/92d26ce07ac3b7a850dc68c8d73d487b39c39b33
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/93b34d4ba7266030801a509c088ac77c0d7a12e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9d1807b442fc3286b204f8e59981b10e743533ce
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a9503ae43256e80db5cba9d449b238607164c51d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/adec5e1f9c99fe079ec4c92cca3f1109a3e257c3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dc934d96673992af8568664c1b58e13eb164010d
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/5a4391bdc6c8357242f62f22069c865b792406b3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/92d26ce07ac3b7a850dc68c8d73d487b39c39b33
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/93b34d4ba7266030801a509c088ac77c0d7a12e9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9d1807b442fc3286b204f8e59981b10e743533ce
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a9503ae43256e80db5cba9d449b238607164c51d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/adec5e1f9c99fe079ec4c92cca3f1109a3e257c3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dc934d96673992af8568664c1b58e13eb164010d
    Patch