CVE-2026-23058
Published: Feb 4, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In ems_usb_open(), the URBs for USB-in transfers are allocated, added to the dev->rx_submitted anchor and submitted. In the complete callback ems_usb_read_bulk_callback(), the URBs are processed and resubmitted. In ems_usb_close() the URBs are freed by calling usb_kill_anchored_urbs(&dev->rx_submitted). However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in ems_usb_close(). Fix the memory leak by anchoring the URB in the ems_usb_read_bulk_callback() to the dev->rx_submitted anchor.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 702171adeed3607ee9603ec30ce081411e36ae42 - < e2c71030dc464d437110bcfb367c493fd402bddbaffected 702171adeed3607ee9603ec30ce081411e36ae42 - < f48eabd15194b216030b32445f44230df95f5fe0affected 702171adeed3607ee9603ec30ce081411e36ae42 - < 61e6d3674c3d1da1475dc207b3e75c55d678d18eaffected 702171adeed3607ee9603ec30ce081411e36ae42 - < e9410fdd4d5f7eaa6526d8c80e83029d7c86a8e8affected 702171adeed3607ee9603ec30ce081411e36ae42 - < 46a191ff7eeec33a2ccb2a1bfea34e18fbc5dc1a+2 more versions |
Linux | Linux | affected 2.6.32unaffected 0 - < 2.6.32unaffected 5.10.249 - <= 5.10.*unaffected 5.15.199 - <= 5.15.*unaffected 6.1.162 - <= 6.1.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now