CVE-2026-23108
Published: Feb 4, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In usb_8dev_open() -> usb_8dev_start(), the URBs for USB-in transfers are allocated, added to the priv->rx_submitted anchor and submitted. In the complete callback usb_8dev_read_bulk_callback(), the URBs are processed and resubmitted. In usb_8dev_close() -> unlink_all_urbs() the URBs are freed by calling usb_kill_anchored_urbs(&priv->rx_submitted). However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in usb_kill_anchored_urbs(). Fix the memory leak by anchoring the URB in the usb_8dev_read_bulk_callback() to the priv->rx_submitted anchor.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 0024d8ad1639e32d717445c69ca813fd19c2a91c - < feb8243eaea7efd5279b19667d7189fd8654c87aaffected 0024d8ad1639e32d717445c69ca813fd19c2a91c - < ef6e608e5ee71eca0cd3475c737e684cef24f240affected 0024d8ad1639e32d717445c69ca813fd19c2a91c - < 60719661b4cbd7ffbed1a0e0fa3bbc82d8bd2be9affected 0024d8ad1639e32d717445c69ca813fd19c2a91c - < 59ff56992bba28051ad67cd8cc7b0edfe7280796affected 0024d8ad1639e32d717445c69ca813fd19c2a91c - < ea4a98e924164586066b39f29bfcc7cc9da108cd+2 more versions |
Linux | Linux | affected 3.9unaffected 0 - < 3.9unaffected 5.10.249 - <= 5.10.*unaffected 5.15.199 - <= 5.15.*unaffected 6.1.162 - <= 6.1.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now