CVE-2026-23082

MEDIUM EPSS 2.4%
Published Feb 4, 20264mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 4, 2026 4mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error In commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"), the URB was re-anchored before usb_submit_urb() in gs_usb_receive_bulk_callback() to prevent a leak of this URB during cleanup. However, this patch did not take into account that usb_submit_urb() could fail. The URB remains anchored and usb_kill_anchored_urbs(&parent->rx_submitted) in gs_can_close() loops infinitely since the anchor list never becomes empty. To fix the bug, unanchor the URB when an usb_submit_urb() error occurs, also print an info message.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-835

Affected Products 3

VendorProductVersionRange
linuxlinux_kernel6.12.67any
linuxlinux_kernel6.18.7any
linuxlinux_kernel6.19any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/79a6d1bfe1148bc921b8d7f3371a7fbce44e30f7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aa8a8866c533a150be4763bcb27993603bd5426c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3edc14da81a8d8398682f6e4ab819f09f37c0b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c610b550ccc0438d456dfe1df9f4f36254ccaae3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ce4352057fc5a986c76ece90801b9755e7c6e56c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/da01de754e455e2598a7f1ce4ff2078c4f0ecde1

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/79a6d1bfe1148bc921b8d7f3371a7fbce44e30f7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aa8a8866c533a150be4763bcb27993603bd5426c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3edc14da81a8d8398682f6e4ab819f09f37c0b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c610b550ccc0438d456dfe1df9f4f36254ccaae3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ce4352057fc5a986c76ece90801b9755e7c6e56c
    Patch