CVE-2026-31757
USB URB Memory Leak in Linux Kernel
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the usbio URB memory leak issue.
The fix ensures that when usb_submit_urb() fails in usbio_probe(), the allocated URB is properly freed, preventing memory leaks.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's USB subsystem, specifically in the usbio component. When the function usb_submit_urb() fails during the usbio_probe() process, the allocated USB Request Block (URB) is not freed properly, leading to a memory leak. The issue is fixed by ensuring that on failure, the code jumps to an error handling label that releases the allocated URB, preventing the memory leak.
How can this vulnerability impact me? :
This vulnerability can cause a memory leak in the Linux kernel when USB devices are initialized and the usb_submit_urb() function fails. Over time, this memory leak could lead to increased memory usage, potentially degrading system performance or causing instability. In environments with frequent USB device connections or disconnections, this could result in resource exhaustion or system crashes.