CVE-2026-23307
Buffer Overflow in Linux can: ems_usb Driver Fixed
Publication date: 2026-03-25
Last updated on: 2026-04-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's ems_usb driver, specifically in the ems_usb_read_bulk_callback() function. The issue arises because the function does not properly check the length of messages it processes. It uses actual_length, which is the size of the buffer passed to the driver, instead of transfer_buffer_length, which is the maximum buffer size set by the driver. This improper length checking can lead to parsing messages without ensuring they are large enough or without preventing overflow past the end of the buffer.
How can this vulnerability impact me? :
The vulnerability can lead to buffer overflows when parsing USB messages in the ems_usb driver. This could potentially cause memory corruption, crashes, or allow an attacker to execute arbitrary code within the kernel context, leading to system compromise or instability.