Skip to main content

Linux EUVDEUVD-2026-15295

| CVE-2026-23334 MEDIUM
2026-03-25 Linux GHSA-2x56-x8gq-8cv3
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 23, 2026 - 21:27 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15295
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:27 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

can: usb: f81604: handle short interrupt urb messages properly

If an interrupt urb is received that is not the correct length, properly detect it and don't attempt to treat the data as valid.

AnalysisAI

A buffer handling vulnerability exists in the Linux kernel's CAN USB f81604 driver where improperly sized interrupt URB (USB Request Block) messages are not validated before processing, potentially leading to information disclosure or memory corruption. All Linux kernel versions with the affected CAN f81604 USB driver are impacted. An attacker with physical access to a malicious USB device or local system access could trigger abnormal URB message handling to leak kernel memory or cause denial of service. This vulnerability is not currently listed as actively exploited in known vulnerability databases, and no public proof-of-concept has been widely circulated, though patches are available across multiple kernel stable branches.

Technical ContextAI

The vulnerability resides in the Linux kernel's SocketCAN subsystem, specifically the f81604 CAN USB adapter driver (cpe:2.3:a:linux:linux). The f81604 is a USB-to-CAN interface device that communicates with the kernel via interrupt URBs. The root cause is improper input validation of interrupt URB message length before the driver processes the payload. Rather than explicitly validating that received interrupt messages conform to the expected protocol message size, the driver attempted to process variable-length or truncated URB data as if it were properly formatted, creating a classic buffer boundary violation scenario. This falls under improper input validation and lack of bounds checking—categories typically associated with CWE-20 (Improper Input Validation) or CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). The vulnerability is triggered at the USB device driver level, where malformed interrupt transfers from a USB device are received without sufficient sanitization.

RemediationAI

Apply the latest stable kernel updates from your distribution, ensuring patches for the f81604 CAN driver are included. For immediate remediation, disable the f81604 CAN USB driver via kernel module blacklist (add 'blacklist can_f81604' to /etc/modprobe.d/ or rebuild the kernel without CONFIG_CAN_F81604 enabled) if the device is not in active use. For deployments requiring the f81604 driver, implement strict USB device policy controls using usbguard or similar tools to permit only whitelisted USB CAN adapters and prevent connection of untrusted USB devices. Monitor kernel logs for URB errors or unexpected CAN messages. Patches are available across all major stable kernel branches via https://git.kernel.org/stable/ with backports to LTS (Long-Term Support) kernels; consult your distribution's security advisory for the recommended kernel version to upgrade to.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15295 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy