Skip to main content

Linux EUVDEUVD-2026-15277

| CVE-2026-23324 MEDIUM
2026-03-25 Linux GHSA-6pcx-mjxw-6w72
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 23, 2026 - 21:11 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15277
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:27 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

can: usb: etas_es58x: correctly anchor the urb in the read bulk callback

When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it could be leaked if usb_kill_anchored_urbs() is called. This logic is correctly done elsewhere in the driver, except in the read bulk callback so do that here also.

AnalysisAI

A resource leak vulnerability exists in the Linux kernel's ETAS ES58X USB CAN driver where URBs (USB Request Blocks) submitted in the read bulk callback are not properly anchored before submission, potentially causing memory leaks when usb_kill_anchored_urbs() is invoked. This affects all Linux kernel versions running the etas_es58x driver. An attacker with local access to trigger device disconnection or system shutdown could cause kernel memory exhaustion through repeated URB leaks, leading to denial of service or information disclosure of kernel memory contents.

Technical ContextAI

The vulnerability resides in the ETAS ES58X USB CAN (Controller Area Network) interface driver within the Linux kernel's USB subsystem. The affected code is in drivers/net/can/usb/etas_es58x.c. The issue stems from improper USB URB anchor pattern implementation; URBs must be anchored (via usb_anchor_urb()) before submission (usb_submit_urb()) to ensure proper cleanup when usb_kill_anchored_urbs() is called. The root cause is a missing usb_anchor_urb() call in the read bulk callback function, which violates the driver's own URB anchor pattern used elsewhere. This is a resource management flaw (CWE-272: Improper Initialization with Hard-Coded Network Resource Configuration Elements, or more broadly CWE-404: Improper Resource Validation) where resources are allocated but not properly tracked for cleanup. The CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* indicates all Linux versions are potentially affected if they include this driver.

RemediationAI

Upgrade the Linux kernel to a version containing the patched etas_es58x driver; check your distribution's kernel security advisories and stable kernel releases at https://git.kernel.org/stable/ for the specific version numbers corresponding to the commits listed above (search the stable branch matching your current kernel version). For immediate mitigation pending patching, disable the etas_es58x driver via modprobe blacklist if ES58X USB devices are not in use, or physically disconnect unused ES58X CAN interfaces. Alternatively, implement strict device hot-plug policies and monitor kernel memory usage for signs of leaks (via /proc/meminfo and dmesg). Organizations reliant on ES58X devices should prioritize kernel updates to stable releases with the fix integrated.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15277 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy