CVE-2026-23155
Unknown Unknown - Not Provided
Use-After-Free in Linux Kernel gs_usb USB Bulk Callback

Publication date: 2026-02-14

Last updated on: 2026-04-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix error message Sinc commit 79a6d1bfe114 ("can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error") a failing resubmit URB will print an info message. In the case of a short read where netdev has not yet been assigned, initialize as NULL to avoid dereferencing an undefined value. Also report the error value of the failed resubmit.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-14
Last Modified
2026-04-18
Generated
2026-06-16
AI Q&A
2026-02-14
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23155
EUVD
EUVD-2026-5882
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.12.68
linux linux_kernel 6.18.8
linux linux_kernel 6.6.122
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is related to the Linux kernel's gs_usb driver, specifically in the function gs_usb_receive_bulk_callback(). The issue involves improper handling of error messages when a USB request block (URB) resubmission fails. Before the fix, a short read could cause the net device pointer (netdev) to be uninitialized, leading to dereferencing an undefined value. The fix ensures that netdev is initialized to NULL in such cases and that the error value from the failed URB resubmission is properly reported.

Impact Analysis

This vulnerability could lead to improper error handling in the gs_usb driver, potentially causing the kernel to dereference an undefined pointer. This might result in kernel instability or crashes when handling USB CAN devices, affecting system reliability.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23155. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart