CVE-2026-23334
Improper Handling of Short USB Interrupt URBs in Linux Kernel
Publication date: 2026-03-25
Last updated on: 2026-04-23
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | From 6.19 (inc) to 6.19.7 (exc) |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.17 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.77 (exc) |
| linux | linux_kernel | From 6.5.1 (inc) to 6.6.130 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's CAN USB driver (f81604). It involves improper handling of short interrupt URB (USB Request Block) messages. When an interrupt URB is received that is shorter than expected, the system previously did not detect this condition properly and might have treated the incomplete data as valid.
The fix ensures that if an interrupt URB message is not the correct length, it is detected and not processed as valid data.
How can this vulnerability impact me? :
If the Linux kernel improperly processes short interrupt URB messages as valid data, it could lead to incorrect behavior or instability in the CAN USB driver subsystem. This might cause unexpected errors or crashes when handling USB CAN devices.
However, the exact impact depends on how the affected system uses the CAN USB driver and whether it encounters such malformed URB messages.