5.5

CVE-2026-23082

can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error

In the Linux kernel, the following vulnerability has been resolved:

can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error

In commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix
URB memory leak"), the URB was re-anchored before usb_submit_urb() in
gs_usb_receive_bulk_callback() to prevent a leak of this URB during
cleanup.

However, this patch did not take into account that usb_submit_urb() could
fail. The URB remains anchored and
usb_kill_anchored_urbs(&parent->rx_submitted) in gs_can_close() loops
infinitely since the anchor list never becomes empty.

To fix the bug, unanchor the URB when an usb_submit_urb() error occurs,
also print an info message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version6.12.67
LinuxLinux Kernel Version6.18.7
LinuxLinux Kernel Version6.19 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.024
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://git.kernel.org/stable/c/ce4352057fc5a986c76ece90801b9755e7c6e56c
Patch
https://git.kernel.org/stable/c/c610b550ccc0438d456dfe1df9f4f36254ccaae3
Patch
https://git.kernel.org/stable/c/c3edc14da81a8d8398682f6e4ab819f09f37c0b7
Patch
https://git.kernel.org/stable/c/79a6d1bfe1148bc921b8d7f3371a7fbce44e30f7
Patch
https://git.kernel.org/stable/c/aa8a8866c533a150be4763bcb27993603bd5426c
Patch
https://git.kernel.org/stable/c/da01de754e455e2598a7f1ce4ff2078c4f0ecde1