Skip to main content

Linux Kernel CVE-2026-31757

| EUVDEUVD-2026-26570 MEDIUM
Memory Leak (CWE-401)
2026-05-01 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 08, 2026 - 21:00 vuln.today
CVSS changed
May 08, 2026 - 18:37 NVD
5.5 (MEDIUM)
Patch available
May 01, 2026 - 16:33 EUVD
Patch released
May 01, 2026 - 15:24 nvd
Patch available
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26570
CVE Published
May 01, 2026 - 14:14 nvd
MEDIUM 5.5
CVE Published
May 01, 2026 - 14:14 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

usb: misc: usbio: Fix URB memory leak on submit failure

When usb_submit_urb() fails in usbio_probe(), the previously allocated URB is never freed, causing a memory leak.

Fix this by jumping to err_free_urb label to properly release the URB on the error path.

AnalysisAI

A memory leak in the Linux kernel's USB misc usbio driver allows local attackers with low privileges to cause a denial of service by exhausting kernel memory through repeated USB device probe failures. The vulnerability arises when usb_submit_urb() fails during device initialization, leaving allocated URB structures unreleased and accumulating with each failed probe attempt.

Technical ContextAI

The vulnerability exists in the usbio probe function of the Linux kernel's USB miscellaneous drivers subsystem. When a USB device is enumerated and the driver's probe function is called, it allocates a USB Request Block (URB) structure via usb_alloc_urb() to manage asynchronous USB communications. If the subsequent usb_submit_urb() call fails-due to device removal, resource exhaustion, or other error conditions-the error handling path did not properly deallocate the URB via usb_free_urb(). This is a classic resource leak (CWE-401: Missing Release of Memory after Effective Lifetime) where system memory is allocated but never returned to the kernel's free pool. The fix implements proper error path cleanup by jumping to an err_free_urb label that releases the URB before returning the error code.

RemediationAI

Update the Linux kernel to version 6.18.22 or later, 6.19.12 or later, or 7.0 or later depending on your current branch. Apply the upstream fix by cherry-picking commit 65ff09f48b0e72e4049096a989723406aabcf091 or its branch-specific equivalents (1762dc43b983d321180582afba4a0c5185fae04c for 6.18.x, 33cfe0709b6bf1a7f1a16d5e8d65d003a71b6a21 for 6.19.x) if rebuilding from source. For systems unable to immediately update, monitor kernel memory usage during USB device hotplug events and implement rate-limiting on USB device addition/removal via udev rules to reduce the likelihood of memory exhaustion. Disable unnecessary USB device support in the kernel configuration if USB functionality is not required. Verify the patch is present by confirming the usbio probe function includes the err_free_urb label and usb_free_urb() call in the error path. Reference the upstream commits via https://git.kernel.org/stable/ for detailed patch content and verification.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31757 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy