CVE-2026-23031

EPSS 0.02%
Veröffentlicht 31.01.2026 11:42:09
Zuletzt bearbeitet 03.02.2026 16:44:36
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak

In gs_can_open(), the URBs for USB-in transfers are allocated, added to the
parent->rx_submitted anchor and submitted. In the complete callback
gs_usb_receive_bulk_callback(), the URB is processed and resubmitted. In
gs_can_close() the URBs are freed by calling
usb_kill_anchored_urbs(parent->rx_submitted).

However, this does not take into account that the USB framework unanchors
the URB before the complete function is called. This means that once an
in-URB has been completed, it is no longer anchored and is ultimately not
released in gs_can_close().

Fix the memory leak by anchoring the URB in the
gs_usb_receive_bulk_callback() to the parent->rx_submitted anchor.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < f905bcfa971edb89e398c98957838d8c6381c0c7

Version d08e973a77d128b25e01a08c34d89593fdf222da

Status affected

Version < 08624b7206ddb9148eeffc2384ebda2c47b6d1e9

Version d08e973a77d128b25e01a08c34d89593fdf222da

Status affected

Version < 9f669a38ca70839229b7ba0f851820850a2fe1f7

Version d08e973a77d128b25e01a08c34d89593fdf222da

Status affected

Version < 7352e1d5932a0e777e39fa4b619801191f57e603

Version d08e973a77d128b25e01a08c34d89593fdf222da

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 3.16

Status affected

Version < 3.16

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.122

Status unaffected

Version <= 6.12.*

Version 6.12.67

Status unaffected

Version <= 6.18.*

Version 6.18.7

Status unaffected

Version <= *

Version 6.19-rc6

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.035

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/f905bcfa971edb89e398c98957838d8c6381c0c7

https://git.kernel.org/stable/c/08624b7206ddb9148eeffc2384ebda2c47b6d1e9

https://git.kernel.org/stable/c/9f669a38ca70839229b7ba0f851820850a2fe1f7

https://git.kernel.org/stable/c/7352e1d5932a0e777e39fa4b619801191f57e603

https://nvd.nist.gov/vuln/detail/CVE-2026-23031

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23031

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23031

EUVD