CVE-2026-23347

| EUVD-2026-15315
2026-03-25 Linux

Lifecycle Timeline

4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15315
CVE Published
Mar 25, 2026 - 10:27 nvd
N/A

Tags

Linux Kernel Use After Free Denial Of Service Debian Suse

Description

In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it could be leaked if usb_kill_anchored_urbs() is called. This logic is correctly done elsewhere in the driver, except in the read bulk callback so do that here also.

Analysis

A use-after-free vulnerability exists in the Linux kernel's CAN USB f81604 driver where URBs submitted in the read bulk callback are not properly anchored before submission, potentially allowing them to be leaked if usb_kill_anchored_urbs() is invoked. This affects all Linux kernel versions with the vulnerable f81604 driver code. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0

Vendor Status

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

Share

CVE-2026-23347 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy