CVE-2026-23307

MEDIUM · EPSS 2.4%
Published Mar 25, 2026 (3mo ago) · Modified Jun 17, 2026 (1w ago)
5.5 CVSS 3.1 (Medium)

Description

In the Linux kernel, the following vulnerability has been resolved:

can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message

When looking at the data in a USB urb, the actual_length is the size of the buffer passed to the driver, not the transfer_buffer_length which is set by the driver as the max size of the buffer.

When parsing the messages in ems_usb_read_bulk_callback() properly check the size both at the beginning of parsing the message to make sure it is big enough for the expected structure, and at the end of the message to make sure we don't overflow past the end of the buffer for the next message.
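The two checks the commit message describes, shown as an added example that is not the driver's code: a simplified bulk-buffer parser whose vulnerable form bounds the loop by transfer_buffer_length (and only after it has already advanced), beside a hardened form that bounds every read by actual_length and verifies that a full header, and then the full payload, is present before touching either. The message layout (count byte, then type/length/payload records), the names fake_urb, parse_vulnerable and parse_hardened, the 16-byte allocation and both input buffers are assumptions constructed for illustration; they are not the ems_usb wire format or its structures.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed illustrative layout (not the real ems_usb format):
 *   buffer : [msg_count u8][message][message]...
 *   message: [type u8][length u8][payload: length bytes]            */
#define BUF_HEADER_LEN 1
#define MSG_HEADER_LEN 2
#define BULK_BUF_SIZE  16   /* size the driver allocates for the URB buffer */

/* Stand-in for the two struct urb fields the advisory contrasts. */
struct fake_urb {
    const uint8_t *transfer_buffer;
    size_t transfer_buffer_length; /* allocation size, set by the driver */
    size_t actual_length;          /* bytes the device really transferred */
};

struct parse_result {
    unsigned msgs_parsed;
    size_t   max_offset_read;      /* one past the highest byte dereferenced */
    unsigned payload_sum;          /* stands in for "using" the payload */
    int      stopped_on_bounds;    /* 1 if a length check ended the loop */
};

/* Vulnerable pattern: per-message lengths are trusted, the header is read
 * unchecked, and the running offset is compared only against
 * transfer_buffer_length after the message has already been consumed. The
 * loop therefore walks into stale bytes beyond actual_length and, given a
 * large length field, reads past the allocation. */
static struct parse_result parse_vulnerable(const struct fake_urb *urb)
{
    struct parse_result r = {0};
    const uint8_t *buf = urb->transfer_buffer;
    size_t start = BUF_HEADER_LEN;
    unsigned msg_count = buf[0];

    r.max_offset_read = BUF_HEADER_LEN;
    while (msg_count > 0) {
        uint8_t len = buf[start + 1];               /* unchecked header read */
        for (size_t i = 0; i < len; i++)
            r.payload_sum += buf[start + MSG_HEADER_LEN + i];
        start += MSG_HEADER_LEN + len;
        r.max_offset_read = start;
        if (start > urb->transfer_buffer_length) {  /* wrong bound, too late */
            r.stopped_on_bounds = 1;
            break;
        }
        r.msgs_parsed++;
        msg_count--;
    }
    return r;
}

/* Hardened pattern, following the fix the advisory describes: bound all reads
 * by actual_length, require a complete header before reading it, and require
 * the complete payload before using it or advancing past it. */
static struct parse_result parse_hardened(const struct fake_urb *urb)
{
    struct parse_result r = {0};
    const uint8_t *buf = urb->transfer_buffer;
    size_t avail = urb->actual_length;
    size_t start = BUF_HEADER_LEN;
    unsigned msg_count;

    if (avail > urb->transfer_buffer_length)        /* never exceed what we own */
        avail = urb->transfer_buffer_length;
    if (avail < BUF_HEADER_LEN) {
        r.stopped_on_bounds = 1;
        return r;
    }
    msg_count = buf[0];
    r.max_offset_read = BUF_HEADER_LEN;
    while (msg_count > 0) {
        uint8_t len;
        if (start + MSG_HEADER_LEN > avail) {       /* header must fit first */
            r.stopped_on_bounds = 1;
            break;
        }
        len = buf[start + 1];
        if (start + MSG_HEADER_LEN + len > avail) { /* then the whole payload */
            r.stopped_on_bounds = 1;
            break;
        }
        for (size_t i = 0; i < len; i++)
            r.payload_sum += buf[start + MSG_HEADER_LEN + i];
        start += MSG_HEADER_LEN + len;
        r.max_offset_read = start;
        r.msgs_parsed++;
        msg_count--;
    }
    return r;
}

/* Constructed case 1: the device sent 5 bytes (one 2-byte message) but the
 * count byte claims two; bytes 5.. are stale leftovers in the 16-byte buffer. */
static const uint8_t stale_buf[BULK_BUF_SIZE] = {
    2,                            /* msg_count claims 2, only 1 was sent */
    0x01, 0x02, 0xAA, 0xBB,       /* message 1: type 1, length 2 */
    0x07, 0x03, 0x11, 0x22, 0x33  /* stale data beyond actual_length */
};
static struct fake_urb stale_case_urb(void)
{
    struct fake_urb u = { stale_buf, BULK_BUF_SIZE, 5 };
    return u;
}

/* Constructed case 2: a full 16-byte transfer whose only message claims a
 * 250-byte payload, far beyond the allocation. */
static const uint8_t oversized_buf[BULK_BUF_SIZE] = { 1, 0x01, 250 };
static struct fake_urb oversized_case_urb(void)
{
    struct fake_urb u = { oversized_buf, BULK_BUF_SIZE, BULK_BUF_SIZE };
    return u;
}

int main(void)
{
    struct fake_urb s = stale_case_urb(), o = oversized_case_urb();
    struct parse_result v = parse_vulnerable(&s);
    struct parse_result h = parse_hardened(&s);

    printf("stale: vulnerable parsed %u msgs, read to offset %zu (actual_length %zu)\n",
           v.msgs_parsed, v.max_offset_read, s.actual_length);
    printf("stale: hardened parsed %u msgs, read to offset %zu\n",
           h.msgs_parsed, h.max_offset_read);
    /* parse_vulnerable() is deliberately not run on the oversized case: it
     * would read about 250 bytes past the 16-byte allocation. */
    h = parse_hardened(&o);
    printf("oversized: hardened parsed %u msgs, stopped_on_bounds=%d\n",
           h.msgs_parsed, h.stopped_on_bounds);
    return 0;
}
```

The hardened parser checks the payload before reading it rather than only checking the advanced offset afterwards; that ordering subsumes the end-of-message check the commit describes and also covers the case where the length field itself points past the end of the received data.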

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4%
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products (9)

Vendor   Product        Version   Range
linux    linux_kernel   *         >= 2.6.32 and < 5.10.253
linux    linux_kernel   *         >= 5.11 and < 5.15.203
linux    linux_kernel   *         >= 5.16 and < 6.1.167
linux    linux_kernel   *         >= 6.2 and < 6.6.130
linux    linux_kernel   *         >= 6.7 and < 6.12.77
linux    linux_kernel   *         >= 6.13 and < 6.18.17
linux    linux_kernel   *         >= 6.19 and < 6.19.7
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any

References (8)

  • Patch (git.kernel.org): https://git.kernel.org/stable/c/1818974e1b5ef200e27f144c8cb8a246420bb54d
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/18f75b9cbdc3703f15965425ab69dee509b07785
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/1cf469026d4a2308eaa91d04dca4a900d07a5c2e
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/2833e13e2b099546abf5d40a483b4eb04ddd1f7b
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/38a01c9700b0dcafe97dfa9dc7531bf4a245deff
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/aed172a2e2330131f0977d2acd3ec8883f413ec1
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/c703bbf8e9b4947e111c88d2ed09236a6772a471
  • Patch (git.kernel.org): https://git.kernel.org/stable/c/f10177e6c4575aedaea580ce67d792fab7a2235e

Remediation

Update to a stable kernel at or above the fixed version for your series (see the upper bounds under Affected Products), or apply the corresponding stable patch from the eight git.kernel.org commits listed under References.