5.5

CVE-2026-23075

can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak

In the Linux kernel, the following vulnerability has been resolved:

can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak

Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb:
gs_usb_receive_bulk_callback(): fix URB memory leak").

In esd_usb_open(), the URBs for USB-in transfers are allocated, added to
the dev->rx_submitted anchor and submitted. In the complete callback
esd_usb_read_bulk_callback(), the URBs are processed and resubmitted. In
esd_usb_close() the URBs are freed by calling
usb_kill_anchored_urbs(&dev->rx_submitted).

However, this does not take into account that the USB framework unanchors
the URB before the complete function is called. This means that once an
in-URB has been completed, it is no longer anchored and is ultimately not
released in esd_usb_close().

Fix the memory leak by anchoring the URB in the
esd_usb_read_bulk_callback() to the dev->rx_submitted anchor.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.36 < 5.10.249
LinuxLinux Kernel Version >= 5.11 < 5.15.199
LinuxLinux Kernel Version >= 5.16 < 6.1.162
LinuxLinux Kernel Version >= 6.2 < 6.6.122
LinuxLinux Kernel Version >= 6.7 < 6.12.68
LinuxLinux Kernel Version >= 6.13 < 6.18.8
LinuxLinux Kernel Version6.19 Updaterc1
LinuxLinux Kernel Version6.19 Updaterc2
LinuxLinux Kernel Version6.19 Updaterc3
LinuxLinux Kernel Version6.19 Updaterc4
LinuxLinux Kernel Version6.19 Updaterc5
LinuxLinux Kernel Version6.19 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.024
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://git.kernel.org/stable/c/adec5e1f9c99fe079ec4c92cca3f1109a3e257c3
Patch
https://git.kernel.org/stable/c/9d1807b442fc3286b204f8e59981b10e743533ce
Patch
https://git.kernel.org/stable/c/a9503ae43256e80db5cba9d449b238607164c51d
Patch
https://git.kernel.org/stable/c/5a4391bdc6c8357242f62f22069c865b792406b3
Patch
https://git.kernel.org/stable/c/92d26ce07ac3b7a850dc68c8d73d487b39c39b33
Patch
https://git.kernel.org/stable/c/93b34d4ba7266030801a509c088ac77c0d7a12e9
Patch
https://git.kernel.org/stable/c/dc934d96673992af8568664c1b58e13eb164010d
Patch