CVE-2026-23061

EPSS -
Veröffentlicht 04.02.2026 16:07:43
Zuletzt bearbeitet 04.02.2026 17:16:16
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak

Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb:
gs_usb_receive_bulk_callback(): fix URB memory leak").

In kvaser_usb_set_{,data_}bittiming() -> kvaser_usb_setup_rx_urbs(), the
URBs for USB-in transfers are allocated, added to the dev->rx_submitted
anchor and submitted. In the complete callback
kvaser_usb_read_bulk_callback(), the URBs are processed and resubmitted. In
kvaser_usb_remove_interfaces() the URBs are freed by calling
usb_kill_anchored_urbs(&dev->rx_submitted).

However, this does not take into account that the USB framework unanchors
the URB before the complete function is called. This means that once an
in-URB has been completed, it is no longer anchored and is ultimately not
released in usb_kill_anchored_urbs().

Fix the memory leak by anchoring the URB in the
kvaser_usb_read_bulk_callback() to the dev->rx_submitted anchor.

Betroffene Produkte Warnungen 0 Metriken 0 CWE 0 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 7c308f7530bffafa994e0aa8dc651a312f4b9ff4

Version 080f40a6fa28dab299da7a652e444b1e2d9231e7

Status affected

Version < 94a7fc42e21c7d9d1c49778cd1db52de5df52a01

Version 080f40a6fa28dab299da7a652e444b1e2d9231e7

Status affected

Version < 3b1a593eab941c3f32417896cc7df564191f2482

Version 080f40a6fa28dab299da7a652e444b1e2d9231e7

Status affected

Version < 248e8e1a125fa875158df521b30f2cc7e27eeeaa

Version 080f40a6fa28dab299da7a652e444b1e2d9231e7

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 3.8

Status affected

Version < 3.8

Version 0

Status unaffected

Version <= 6.6.*

Version 6.6.122

Status unaffected

Version <= 6.12.*

Version 6.12.68

Status unaffected

Version <= 6.18.*

Version 6.18.8

Status unaffected

Version <= *

Version 6.19-rc7

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

Es wurden noch keine Metriken (CVSS, EPSS) zu dieser CVE veröffentlicht.

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/7c308f7530bffafa994e0aa8dc651a312f4b9ff4

https://git.kernel.org/stable/c/94a7fc42e21c7d9d1c49778cd1db52de5df52a01

https://git.kernel.org/stable/c/3b1a593eab941c3f32417896cc7df564191f2482

https://git.kernel.org/stable/c/248e8e1a125fa875158df521b30f2cc7e27eeeaa

https://nvd.nist.gov/vuln/detail/CVE-2026-23061

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23061

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23061

EUVD