CVE-2026-23058

In the Linux kernel, the following vulnerability has been resolved:

can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak

Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb:
gs_usb_receive_bulk_callback(): fix URB memory leak").

In ems_usb_open(), the URBs for USB-in transfers are allocated, added to
the dev->rx_submitted anchor and submitted. In the complete callback
ems_usb_read_bulk_callback(), the URBs are processed and resubmitted. In
ems_usb_close() the URBs are freed by calling
usb_kill_anchored_urbs(&dev->rx_submitted).

However, this does not take into account that the USB framework unanchors
the URB before the complete function is called. This means that once an
in-URB has been completed, it is no longer anchored and is ultimately not
released in ems_usb_close().

Fix the memory leak by anchoring the URB in the
ems_usb_read_bulk_callback() to the dev->rx_submitted anchor.
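The anchor lifecycle described above, as an added user-space model that is not the driver's or the kernel's code: the `toy_*` names, the pool size and the URB counts are assumptions made for illustration. It counts how many URBs the close path never releases when completed URBs are, or are not, re-anchored in the callback.

```c
/* User-space model only: toy_* names are hypothetical, not kernel API. */
#define POOL 16                      /* constructed pool size */

struct toy_urb { int in_use; int anchored; };

/* Close path: releases only URBs that are still anchored. */
static void toy_kill_anchored_urbs(struct toy_urb *pool)
{
    for (int i = 0; i < POOL; i++)
        if (pool[i].anchored)
            pool[i].in_use = pool[i].anchored = 0;
}

/* One completion: the framework unanchors, then the callback runs. */
static void toy_complete(struct toy_urb *u, int fixed)
{
    u->anchored = 0;            /* framework, before the complete callback */
    if (fixed)
        u->anchored = 1;        /* callback re-anchors before resubmitting */
    /* resubmission happens here in both variants; u stays in use */
}

/* Open, let n_done URBs complete once, close; returns URBs never released. */
int leaked_after_close(int n_urbs, int n_done, int fixed)
{
    struct toy_urb pool[POOL] = { { 0, 0 } };
    int i, leaked = 0;

    if (n_urbs > POOL) n_urbs = POOL;
    if (n_done > n_urbs) n_done = n_urbs;
    for (i = 0; i < n_urbs; i++)            /* open: allocate, anchor, submit */
        pool[i].in_use = pool[i].anchored = 1;
    for (i = 0; i < n_done; i++)
        toy_complete(&pool[i], fixed);
    toy_kill_anchored_urbs(pool);           /* close */
    for (i = 0; i < POOL; i++)
        leaked += pool[i].in_use;
    return leaked;
}

int main(void)
{
    /* exit status 0 only if the buggy run leaks and the fixed run does not */
    return !(leaked_after_close(4, 3, 0) == 3 && leaked_after_close(4, 3, 1) == 0);
}
```

In the unfixed variant the leak count equals the number of URBs that completed at least once before close, which is why the leak only shows up after traffic has been received.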

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected
Version 702171adeed3607ee9603ec30ce081411e36ae42, < e9410fdd4d5f7eaa6526d8c80e83029d7c86a8e8: affected
Version 702171adeed3607ee9603ec30ce081411e36ae42, < 46a191ff7eeec33a2ccb2a1bfea34e18fbc5dc1a: affected
Version 702171adeed3607ee9603ec30ce081411e36ae42, < 68c62b3e53901846b5f68c5a8bade72a5d9c0b87: affected
Version 702171adeed3607ee9603ec30ce081411e36ae42, < 0ce73a0eb5a27070957b67fd74059b6da89cc516: affected

Vendor: Linux
Product: Linux
Default status: affected
Version 2.6.32: affected
Version 0, < 2.6.32: unaffected
Version 6.6.122, <= 6.6.*: unaffected
Version 6.12.68, <= 6.12.*: unaffected
Version 6.18.8, <= 6.18.*: unaffected
Version 6.19-rc7, <= *: unaffected

No CISA KEV or CERT.AT warning was found for this CVE.
No metrics (CVSS, EPSS) have been published for this CVE yet.
No CWE information has been published yet.