CVE-2026-23108

Severity: Medium (CVSS 3.1 base score 5.5)
EPSS: 2.7%
Published: Feb 4, 2026
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak

Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak").

In usb_8dev_open() -> usb_8dev_start(), the URBs for USB-in transfers are allocated, added to the priv->rx_submitted anchor and submitted. In the complete callback usb_8dev_read_bulk_callback(), the URBs are processed and resubmitted. In usb_8dev_close() -> unlink_all_urbs() the URBs are freed by calling usb_kill_anchored_urbs(&priv->rx_submitted).

However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in usb_kill_anchored_urbs().

Fix the memory leak by anchoring the URB in the usb_8dev_read_bulk_callback() to the priv->rx_submitted anchor.
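The anchor lifecycle described above, as an added user-space model that is not the driver's code or the upstream patch. The `urb_model` type and the `model_*` and `simulate_leak` names are hypothetical; they only reproduce the bookkeeping (anchor on open, unanchor before the completion callback, release by anchor on close), with and without re-anchoring in the callback.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: urb_model and the model_* helpers are hypothetical
 * stand-ins for illustration, not the kernel USB API. */
#define MAX_URBS 16
struct urb_model { bool anchored; };

/* Completion: the framework unanchors the URB before the callback runs and
 * the callback resubmits it. With the fix, the callback re-anchors first. */
static void model_rx_complete(struct urb_model *u, bool fixed)
{
    u->anchored = false;             /* done by the framework */
    if (fixed) u->anchored = true;   /* the fix: anchor again in the callback */
}

/* Close: only URBs still on the anchor are found and released. */
static int model_kill_anchored(struct urb_model **urbs, int n)
{
    int freed = 0;
    for (int i = 0; i < n; i++)
        if (urbs[i] && urbs[i]->anchored) {
            free(urbs[i]);
            urbs[i] = NULL;
            freed++;
        }
    return freed;
}

/* Returns URBs still allocated after open -> rx -> close, or -1 on error. */
int simulate_leak(int n_urbs, int n_completed, bool fixed)
{
    struct urb_model *urbs[MAX_URBS] = { 0 };
    if (n_urbs < 1 || n_urbs > MAX_URBS || n_completed < 0 || n_completed > n_urbs)
        return -1;
    for (int i = 0; i < n_urbs; i++) {   /* open: allocate, anchor, submit */
        urbs[i] = calloc(1, sizeof(*urbs[i]));
        if (!urbs[i]) { while (i--) free(urbs[i]); return -1; }
        urbs[i]->anchored = true;
    }
    for (int i = 0; i < n_completed; i++)
        model_rx_complete(urbs[i], fixed);
    int leaked = n_urbs - model_kill_anchored(urbs, n_urbs);
    for (int i = 0; i < n_urbs; i++) free(urbs[i]);   /* tidy the model only */
    return leaked;
}

int main(void)
{
    printf("unfixed: %d leaked, fixed: %d leaked\n",
           simulate_leak(4, 3, false), simulate_leak(4, 3, true));
    return 0;
}
```

In the model, every URB that completed at least once before close is missed by the anchor-based release unless the callback re-anchors it.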

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 12

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥3.9 – <5.10.249
linux   linux_kernel  *        ≥5.11 – <5.15.199
linux   linux_kernel  *        ≥5.16 – <6.1.162
linux   linux_kernel  *        ≥6.2 – <6.6.122
linux   linux_kernel  *        ≥6.7 – <6.12.68
linux   linux_kernel  *        ≥6.13 – <6.18.8
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/07e9373739c6388af9d99797cdb2e79dbbcbe92b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/59ff56992bba28051ad67cd8cc7b0edfe7280796
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/60719661b4cbd7ffbed1a0e0fa3bbc82d8bd2be9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ea4a98e924164586066b39f29bfcc7cc9da108cd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ef6e608e5ee71eca0cd3475c737e684cef24f240
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f7a980b3b8f80fe367f679da376cf76e800f9480
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/feb8243eaea7efd5279b19667d7189fd8654c87a
    Patch

Remediation

  • Patch: the seven git.kernel.org stable commits listed under References above.