CVE-2026-23334
Received Received - Intake
Improper Handling of Short USB Interrupt URBs in Linux Kernel

Publication date: 2026-03-25

Last updated on: 2026-04-23

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: handle short interrupt urb messages properly If an interrupt urb is received that is not the correct length, properly detect it and don't attempt to treat the data as valid.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23334
EUVD
EUVD-2026-15295
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.5
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.17 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.77 (exc)
linux linux_kernel From 6.5.1 (inc) to 6.6.130 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's CAN USB driver (f81604). It involves improper handling of short interrupt URB (USB Request Block) messages. When an interrupt URB is received that is shorter than expected, the system previously did not detect this condition properly and might have treated the incomplete data as valid.

The fix ensures that if an interrupt URB message is not the correct length, it is detected and not processed as valid data.

Impact Analysis

If the Linux kernel improperly processes short interrupt URB messages as valid data, it could lead to incorrect behavior or instability in the CAN USB driver subsystem. This might cause unexpected errors or crashes when handling USB CAN devices.

However, the exact impact depends on how the affected system uses the CAN USB driver and whether it encounters such malformed URB messages.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23334. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart