CVE-2026-23347
Received Received - Intake
Use-After-Free Vulnerability in Linux can: usb f81604 Driver

Publication date: 2026-03-25

Last updated on: 2026-04-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it could be leaked if usb_kill_anchored_urbs() is called. This logic is correctly done elsewhere in the driver, except in the read bulk callback so do that here also.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-24
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23347
EUVD
EUVD-2026-15315
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.5
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.17 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.77 (exc)
linux linux_kernel From 6.5.1 (inc) to 6.6.130 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's USB CAN driver (f81604). It involves the improper handling of USB Request Blocks (URBs) in the read bulk callback function. Specifically, when submitting an URB using the anchor pattern, the URB must be anchored before submission to prevent it from being leaked if usb_kill_anchored_urbs() is called. The driver correctly implements this anchoring in other parts, but it was missing in the read bulk callback, which could lead to resource leaks.

Impact Analysis

The impact of this vulnerability is primarily related to resource management within the Linux kernel's USB CAN driver. If URBs are not properly anchored before submission, they could be leaked when usb_kill_anchored_urbs() is invoked. This could lead to resource exhaustion or instability in the USB subsystem, potentially affecting system reliability or causing unexpected behavior in USB CAN communications.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23347. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart