5.5
CVE-2026-23082
- EPSS 0.12%
- Veröffentlicht 04.02.2026 16:08:06
- Zuletzt bearbeitet 18.04.2026 09:16:13
- CVE-Watchlists
- Unerledigt
can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error
In the Linux kernel, the following vulnerability has been resolved:
can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error
In commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix
URB memory leak"), the URB was re-anchored before usb_submit_urb() in
gs_usb_receive_bulk_callback() to prevent a leak of this URB during
cleanup.
However, this patch did not take into account that usb_submit_urb() could
fail. The URB remains anchored and
usb_kill_anchored_urbs(&parent->rx_submitted) in gs_can_close() loops
infinitely since the anchor list never becomes empty.
To fix the bug, unanchor the URB when an usb_submit_urb() error occurs,
also print an info message.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version6.12.67
Linux ≫ Linux Kernel Version6.18.7
Linux ≫ Linux Kernel Version6.19 Updaterc6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.024 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
https://git.kernel.org/stable/c/ce4352057fc5a986c76ece90801b9755e7c6e56c
https://git.kernel.org/stable/c/c610b550ccc0438d456dfe1df9f4f36254ccaae3
https://git.kernel.org/stable/c/c3edc14da81a8d8398682f6e4ab819f09f37c0b7
https://git.kernel.org/stable/c/79a6d1bfe1148bc921b8d7f3371a7fbce44e30f7
https://git.kernel.org/stable/c/aa8a8866c533a150be4763bcb27993603bd5426c
https://git.kernel.org/stable/c/da01de754e455e2598a7f1ce4ff2078c4f0ecde1