CVE-2026-23058
Unknown Unknown - Not Provided
Memory Leak in Linux Kernel ems_usb USB Bulk Callback

Publication date: 2026-02-04

Last updated on: 2026-02-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In ems_usb_open(), the URBs for USB-in transfers are allocated, added to the dev->rx_submitted anchor and submitted. In the complete callback ems_usb_read_bulk_callback(), the URBs are processed and resubmitted. In ems_usb_close() the URBs are freed by calling usb_kill_anchored_urbs(&dev->rx_submitted). However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in ems_usb_close(). Fix the memory leak by anchoring the URB in the ems_usb_read_bulk_callback() to the dev->rx_submitted anchor.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-02-06
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23058
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux_kernel linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a memory leak in the Linux kernel's ems_usb driver, specifically in the ems_usb_read_bulk_callback() function. The issue arises because USB Request Blocks (URBs) are unanchored by the USB framework before the completion callback is called, causing them not to be properly released in the ems_usb_close() function. As a result, memory allocated for these URBs is not freed, leading to a memory leak.

The fix involves anchoring the URB again within the ems_usb_read_bulk_callback() function to ensure that the URBs remain tracked and are properly freed when the device is closed.

Impact Analysis

This memory leak can cause the system to consume increasing amounts of memory over time when using the ems_usb driver, potentially leading to degraded system performance or instability. In environments where the affected USB device is frequently used, this could result in resource exhaustion, causing crashes or requiring system reboots.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23058. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart