CVE-2026-23347
Use-After-Free Vulnerability in Linux can: usb f81604 Driver
Publication date: 2026-03-25
Last updated on: 2026-04-24
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.5 |
| linux | linux_kernel | From 6.19 (inc) to 6.19.7 (exc) |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.17 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.77 (exc) |
| linux | linux_kernel | From 6.5.1 (inc) to 6.6.130 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's USB CAN driver (f81604). It involves the improper handling of USB Request Blocks (URBs) in the read bulk callback function. Specifically, when submitting a URB using the anchor pattern, the URB must be anchored before submission to prevent it from being leaked if usb_kill_anchored_urbs() is called. The driver correctly implements this anchoring in other parts, but it was missing in the read bulk callback, which could lead to resource leaks.
How can this vulnerability impact me?
The impact of this vulnerability is primarily related to resource management within the Linux kernel's USB CAN driver. If URBs are not properly anchored before submission, they could be leaked when usb_kill_anchored_urbs() is invoked. This could lead to resource exhaustion or instability in the USB subsystem, potentially affecting system reliability or causing unexpected behavior in USB CAN communications.