5.5
CVE-2026-23061
- EPSS 0.12%
- Veröffentlicht 04.02.2026 16:07:43
- Zuletzt bearbeitet 13.03.2026 21:28:28
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak
In the Linux kernel, the following vulnerability has been resolved:
can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak
Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb:
gs_usb_receive_bulk_callback(): fix URB memory leak").
In kvaser_usb_set_{,data_}bittiming() -> kvaser_usb_setup_rx_urbs(), the
URBs for USB-in transfers are allocated, added to the dev->rx_submitted
anchor and submitted. In the complete callback
kvaser_usb_read_bulk_callback(), the URBs are processed and resubmitted. In
kvaser_usb_remove_interfaces() the URBs are freed by calling
usb_kill_anchored_urbs(&dev->rx_submitted).
However, this does not take into account that the USB framework unanchors
the URB before the complete function is called. This means that once an
in-URB has been completed, it is no longer anchored and is ultimately not
released in usb_kill_anchored_urbs().
Fix the memory leak by anchoring the URB in the
kvaser_usb_read_bulk_callback() to the dev->rx_submitted anchor.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 3.8 < 5.10.249
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.199
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.162
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.122
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.68
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.8
Linux ≫ Linux Kernel Version6.19 Updaterc1
Linux ≫ Linux Kernel Version6.19 Updaterc2
Linux ≫ Linux Kernel Version6.19 Updaterc3
Linux ≫ Linux Kernel Version6.19 Updaterc4
Linux ≫ Linux Kernel Version6.19 Updaterc5
Linux ≫ Linux Kernel Version6.19 Updaterc6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.024 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://git.kernel.org/stable/c/7c308f7530bffafa994e0aa8dc651a312f4b9ff4
https://git.kernel.org/stable/c/94a7fc42e21c7d9d1c49778cd1db52de5df52a01
https://git.kernel.org/stable/c/3b1a593eab941c3f32417896cc7df564191f2482
https://git.kernel.org/stable/c/248e8e1a125fa875158df521b30f2cc7e27eeeaa
https://git.kernel.org/stable/c/40a3334ffda479c63e416e61ff086485e24401f7
https://git.kernel.org/stable/c/c1b39fa24c140bc616f51fef4175c1743e2bb132
https://git.kernel.org/stable/c/d9d824582f2ec76459ffab449e9b05c7bc49645c