CVE-2026-43223
MEDIUM EPSS 2.8%
Published May 6, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Published May 6, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2_send_request_ex When pvr2_send_request_ex() submits a write URB successfully but fails to submit the read URB (e.g. returns -ENOMEM), it returns immediately without waiting for the write URB to complete. Since the driver reuses the same URB structure, a subsequent call to pvr2_send_request_ex() attempts to submit the still-active write URB, triggering a 'URB submitted while active' warning in usb_submit_urb(). Fix this by ensuring the write URB is unlinked and waited upon if the read URB submission fails.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
2.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-401
Affected Products 7
References 8
- git.kernel.org https://git.kernel.org/stable/c/2011929f0e4cf6a0a34dd6205911b12276904453
- git.kernel.org https://git.kernel.org/stable/c/4ba5c7a1aade7090172cbffd4d120bf4cf5ccbde
- git.kernel.org https://git.kernel.org/stable/c/58dd722b6c3debcddb4684fb256c90fee7f063e5
- git.kernel.org https://git.kernel.org/stable/c/5f3ac816861c3b8a5d1a3645b17dc3a99d668d94
- git.kernel.org https://git.kernel.org/stable/c/77a63f8efc434ddb04667ed632aade58301a2f13
- git.kernel.org https://git.kernel.org/stable/c/a8333c8262aed2aedf608c18edd39cf5342680a7
- git.kernel.org https://git.kernel.org/stable/c/cf459d6ffa5e150ef3744b897f936ff24b52bd15
- git.kernel.org https://git.kernel.org/stable/c/da524c939b1e5ba17f10db4bde4bdaf569ffcda6
Remediation
- git.kernel.org https://git.kernel.org/stable/c/2011929f0e4cf6a0a34dd6205911b12276904453
- git.kernel.org https://git.kernel.org/stable/c/4ba5c7a1aade7090172cbffd4d120bf4cf5ccbde
- git.kernel.org https://git.kernel.org/stable/c/58dd722b6c3debcddb4684fb256c90fee7f063e5
- git.kernel.org https://git.kernel.org/stable/c/5f3ac816861c3b8a5d1a3645b17dc3a99d668d94
- git.kernel.org https://git.kernel.org/stable/c/77a63f8efc434ddb04667ed632aade58301a2f13
- git.kernel.org https://git.kernel.org/stable/c/a8333c8262aed2aedf608c18edd39cf5342680a7
- git.kernel.org https://git.kernel.org/stable/c/cf459d6ffa5e150ef3744b897f936ff24b52bd15
- git.kernel.org https://git.kernel.org/stable/c/da524c939b1e5ba17f10db4bde4bdaf569ffcda6