Skip to main content

Linux EUVDEUVD-2026-15315

| CVE-2026-23347 MEDIUM
2026-03-25 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 24, 2026 - 18:22 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15315
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:27 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

can: usb: f81604: correctly anchor the urb in the read bulk callback

When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it could be leaked if usb_kill_anchored_urbs() is called. This logic is correctly done elsewhere in the driver, except in the read bulk callback so do that here also.

AnalysisAI

A use-after-free vulnerability exists in the Linux kernel's CAN USB f81604 driver where URBs submitted in the read bulk callback are not properly anchored before submission, potentially allowing them to be leaked if usb_kill_anchored_urbs() is invoked. This affects all Linux kernel versions with the vulnerable f81604 driver code. An attacker with local access or control over a malicious USB CAN adapter could potentially trigger memory corruption or information disclosure by causing URB leaks during driver cleanup or device disconnection.

Technical ContextAI

The vulnerability resides in the Linux kernel's CAN (Controller Area Network) USB driver for Fintek f81604 devices, part of the broader USB subsystem. The issue involves improper resource management of USB Request Blocks (URBs), which are the fundamental data structures for USB communication in Linux. URBs submitted to the USB core must be anchored to a usb_anchor structure before submission to ensure proper lifetime management and cleanup via usb_kill_anchored_urbs(). The CWE classification relates to resource management and use-after-free patterns—specifically, the read bulk callback submits URBs without anchoring them first, violating the established pattern used elsewhere in the same driver. This creates a window where URBs can be submitted but not tracked by the anchor mechanism, leading to potential memory leaks or access to freed memory during device removal. Affected products are identified via CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* for all Linux kernel versions prior to the patch.

RemediationAI

Update the Linux kernel to a version that includes one of the five patch commits (54ee74307165b348b2fddcd7942eb48fb4ee1237, c001214e12202338425d6dda5d2a1919d674282d, f6d80b104f904a6da922907394eec66d3e2ffc57, 7724645c4792914cd07f36718816c5369cc57970, or 952caa5da10bed22be09612433964f6877ba0dde). For most users, this means upgrading to the latest stable kernel in your distribution's repository (e.g., Linux 6.9 or later, or the latest patch release of your active stable series such as 6.6.x or 6.1.x). As a workaround prior to patching, disable the f81604 driver if the device is not in use (via CONFIG_CAN_F81604=n or by blacklisting the module). Users relying on f81604 devices should prioritize kernel updates; see the kernel git stable repository at https://git.kernel.org/stable/ for patch details and backport status.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15315 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy