CVE-2026-23108 can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak

🗓️ 04 Feb 2026 16:08:28Reported by GoogleType

osv

osv🔗 osv.dev👁 2 Views

Fix URB memory leak in usb_8dev_read_bulk_callback by anchoring URBs to priv->rx_submitted.

Reporter	Title	Published	Views	Family All 138
ATTACKERKB	CVE-2026-23108	4 Feb 202616:08	–	attackerkb
CBLMariner	CVE-2026-23108 affecting package kernel for versions less than 6.6.126.1-1	10 Mar 202622:56	–	cbl_mariner
Circl	CVE-2026-23108	19 Mar 202600:00	–	circl
CNNVD	Linux kernel 安全漏洞	4 Feb 202600:00	–	cnnvd
CVE	CVE-2026-23108	4 Feb 202616:08	–	cve
Cvelist	CVE-2026-23108 can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak	4 Feb 202616:08	–	cvelist
Debian	[SECURITY] [DLA 4475-1] linux security update	11 Feb 202612:47	–	debian
Debian	[SECURITY] [DLA 4476-1] linux-6.1 security update	11 Feb 202612:48	–	debian
Debian	[SECURITY] [DSA 6126-1] linux security update	9 Feb 202618:21	–	debian
Debian	[SECURITY] [DSA 6127-1] linux security update	9 Feb 202619:19	–	debian

Source	Link
git	www.git.kernel.org/stable/c/07e9373739c6388af9d99797cdb2e79dbbcbe92b
git	www.git.kernel.org/stable/c/59ff56992bba28051ad67cd8cc7b0edfe7280796
git	www.git.kernel.org/stable/c/60719661b4cbd7ffbed1a0e0fa3bbc82d8bd2be9
git	www.git.kernel.org/stable/c/ea4a98e924164586066b39f29bfcc7cc9da108cd
git	www.git.kernel.org/stable/c/ef6e608e5ee71eca0cd3475c737e684cef24f240
git	www.git.kernel.org/stable/c/f7a980b3b8f80fe367f679da376cf76e800f9480
git	www.git.kernel.org/stable/c/feb8243eaea7efd5279b19667d7189fd8654c87a
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23108.json
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-23108
git	www.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

28 Apr 2026 18:29Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.15.5

EPSS0.00023

usb request block memory leak fix callback anchoring private receive anchor