CVE-2026-23155
Use-After-Free in Linux Kernel gs_usb USB Bulk Callback
Publication date: 2026-02-14
Last updated on: 2026-04-18
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.12.68 |
| linux | linux_kernel | 6.18.8 |
| linux | linux_kernel | 6.6.122 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is related to the Linux kernel's gs_usb driver, specifically in the function gs_usb_receive_bulk_callback(). The issue involves improper handling of error messages when a USB request block (URB) resubmission fails. Before the fix, a short read could cause the net device pointer (netdev) to be uninitialized, leading to dereferencing an undefined value. The fix ensures that netdev is initialized to NULL in such cases and that the error value from the failed URB resubmission is properly reported.
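As an added illustration (constructed code, not the gs_usb driver's own source), the C below models the shape of the defect the answer describes: a local device pointer that is assigned only on the full-frame path but consulted on the shared resubmit error path, shown in its hardened form with the pointer initialized to NULL, checked before use, and the resubmission status returned. FRAME_SIZE, ERR_NODEV, submit_urb() and the struct layouts are stand-ins for the kernel's own definitions.

```c
#include <stddef.h>
#include <stdbool.h>
#define FRAME_SIZE 20         /* constructed: minimum usable frame length */
#define ERR_NODEV  (-19)      /* stand-in for the kernel's -ENODEV */

struct net_device { bool detached; };
struct urb {
    size_t actual_length;     /* bytes the transfer actually delivered */
    struct net_device *dev;   /* device the full-frame path would use */
    int submit_status;        /* what the simulated resubmission returns */
};

/* Simulated usb_submit_urb(): returns the status configured on the urb. */
static int submit_urb(struct urb *urb) { return urb->submit_status; }
/* Hardened shape of the callback. Before the fix the pointer was left
 * uninitialized, the short-read path jumped straight to the resubmit
 * label, and the error path dereferenced whatever it happened to hold. */
static int receive_bulk_callback_fixed(struct urb *urb)
{
    struct net_device *netdev = NULL;   /* defined even on the early exit */
    int rc;

    if (urb->actual_length < FRAME_SIZE)
        goto resubmit_urb;              /* short read: netdev never assigned */

    netdev = urb->dev;                  /* only reached for a full frame */
    /* ... frame processing would happen here ... */

resubmit_urb:
    rc = submit_urb(urb);
    if (rc == ERR_NODEV && netdev)      /* NULL check covers the short read */
        netdev->detached = true;
    return rc;                          /* surface the resubmission error */
}

/* Helpers for one scenario: the return code, and whether the device was detached. */
static int scenario_rc(size_t len, int status)
{
    struct net_device dev = { false };
    struct urb urb = { len, &dev, status };
    return receive_bulk_callback_fixed(&urb);
}
static bool scenario_detached(size_t len, int status)
{
    struct net_device dev = { false };
    struct urb urb = { len, &dev, status };
    receive_bulk_callback_fixed(&urb);
    return dev.detached;
}
```

A short read followed by a failed resubmission now returns the error without touching a device pointer that was never set, while a full frame with the same failure still detaches the device.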
How can this vulnerability impact me?
This vulnerability could lead to improper error handling in the gs_usb driver, potentially causing the kernel to dereference an undefined pointer. This might result in kernel instability or crashes when handling USB CAN devices, affecting system reliability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know