Home

Description

In the Linux kernel, the following vulnerability has been resolved: can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In usb_8dev_open() -> usb_8dev_start(), the URBs for USB-in transfers are allocated, added to the priv->rx_submitted anchor and submitted. In the complete callback usb_8dev_read_bulk_callback(), the URBs are processed and resubmitted. In usb_8dev_close() -> unlink_all_urbs() the URBs are freed by calling usb_kill_anchored_urbs(&priv->rx_submitted). However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in usb_kill_anchored_urbs(). Fix the memory leak by anchoring the URB in the usb_8dev_read_bulk_callback() to the priv->rx_submitted anchor.

PUBLISHED Reserved 2026-01-13 | Published 2026-02-04 | Updated 2026-02-09 | Assigner Linux

Product status

Default status
unaffected

0024d8ad1639e32d717445c69ca813fd19c2a91c (git) before feb8243eaea7efd5279b19667d7189fd8654c87a
affected

0024d8ad1639e32d717445c69ca813fd19c2a91c (git) before ef6e608e5ee71eca0cd3475c737e684cef24f240
affected

0024d8ad1639e32d717445c69ca813fd19c2a91c (git) before 60719661b4cbd7ffbed1a0e0fa3bbc82d8bd2be9
affected

0024d8ad1639e32d717445c69ca813fd19c2a91c (git) before 59ff56992bba28051ad67cd8cc7b0edfe7280796
affected

0024d8ad1639e32d717445c69ca813fd19c2a91c (git) before ea4a98e924164586066b39f29bfcc7cc9da108cd
affected

0024d8ad1639e32d717445c69ca813fd19c2a91c (git) before 07e9373739c6388af9d99797cdb2e79dbbcbe92b
affected

0024d8ad1639e32d717445c69ca813fd19c2a91c (git) before f7a980b3b8f80fe367f679da376cf76e800f9480
affected

Default status
affected

3.9
affected

Any version before 3.9
unaffected

5.10.249 (semver)
unaffected

5.15.199 (semver)
unaffected

6.1.162 (semver)
unaffected

6.6.122 (semver)
unaffected

6.12.68 (semver)
unaffected

6.18.8 (semver)
unaffected

6.19 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/feb8243eaea7efd5279b19667d7189fd8654c87a

git.kernel.org/...c/ef6e608e5ee71eca0cd3475c737e684cef24f240

git.kernel.org/...c/60719661b4cbd7ffbed1a0e0fa3bbc82d8bd2be9

git.kernel.org/...c/59ff56992bba28051ad67cd8cc7b0edfe7280796

git.kernel.org/...c/ea4a98e924164586066b39f29bfcc7cc9da108cd

git.kernel.org/...c/07e9373739c6388af9d99797cdb2e79dbbcbe92b

git.kernel.org/...c/f7a980b3b8f80fe367f679da376cf76e800f9480

cve.org (CVE-2026-23108)

nvd.nist.gov (CVE-2026-23108)

Download JSON