CVE-2026-23082 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error In commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"), the URB was re-anchored before usb_submit_urb() in gs_usb_receive_bulk_callback() to prevent a leak of this URB during cleanup. However, this patch did not take into account that usb_submit_urb() could fail. The URB remains anchored and usb_kill_anchored_urbs(&parent->rx_submitted) in gs_can_close() loops infinitely since the anchor list never becomes empty. To fix the bug, unanchor the URB when an usb_submit_urb() error occurs, also print an info message.

PUBLISHED Reserved 2026-01-13 | Published 2026-02-04 | Updated 2026-02-09 | Assigner Linux

Product status

Default status

unaffected

ec5ccc2af9e5b045671f3f604b57512feda8bcc5 (git) before aa8a8866c533a150be4763bcb27993603bd5426c

affected

f905bcfa971edb89e398c98957838d8c6381c0c7 (git) before ce4352057fc5a986c76ece90801b9755e7c6e56c

affected

08624b7206ddb9148eeffc2384ebda2c47b6d1e9 (git) before c610b550ccc0438d456dfe1df9f4f36254ccaae3

affected

9f669a38ca70839229b7ba0f851820850a2fe1f7 (git) before c3edc14da81a8d8398682f6e4ab819f09f37c0b7

affected

7352e1d5932a0e777e39fa4b619801191f57e603 (git) before 79a6d1bfe1148bc921b8d7f3371a7fbce44e30f7

affected

Default status

unaffected

6.12.67 (semver) before 6.12.68

affected

6.18.7 (semver) before 6.18.8

affected

References

git.kernel.org/...c/aa8a8866c533a150be4763bcb27993603bd5426c

git.kernel.org/...c/ce4352057fc5a986c76ece90801b9755e7c6e56c

git.kernel.org/...c/c610b550ccc0438d456dfe1df9f4f36254ccaae3

git.kernel.org/...c/c3edc14da81a8d8398682f6e4ab819f09f37c0b7

git.kernel.org/...c/79a6d1bfe1148bc921b8d7f3371a7fbce44e30f7

cve.org (CVE-2026-23082)

nvd.nist.gov (CVE-2026-23082)

Download JSON