CVE-2026-43223
Analyzed Analyzed - Analysis Complete

URB Leak in pvrusb2 Driver

Vulnerability report for CVE-2026-43223, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-06

Last updated on: 2026-05-08

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2_send_request_ex When pvr2_send_request_ex() submits a write URB successfully but fails to submit the read URB (e.g. returns -ENOMEM), it returns immediately without waiting for the write URB to complete. Since the driver reuses the same URB structure, a subsequent call to pvr2_send_request_ex() attempts to submit the still-active write URB, triggering a 'URB submitted while active' warning in usb_submit_urb(). Fix this by ensuring the write URB is unlinked and waited upon if the read URB submission fails.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-06
Last Modified
2026-05-08
Generated
2026-07-06
AI Q&A
2026-05-06
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.2 (inc) to 6.6.128 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.16 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.202 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.165 (exc)
linux linux_kernel From 2.6.18 (inc) to 5.10.252 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

This vulnerability involves a URB (USB Request Block) leak in the Linux kernel's pvrusb2 driver, which can trigger a 'URB submitted while active' warning in usb_submit_urb(). Detection would involve monitoring kernel logs for this specific warning message.

  • Check kernel logs for the warning message: 'URB submitted while active'.
  • Use the command: dmesg | grep 'URB submitted while active'
  • Alternatively, monitor system logs with: journalctl -k | grep 'URB submitted while active'
Mitigation Strategies

The vulnerability is fixed by ensuring the write URB is unlinked and waited upon if the read URB submission fails. Immediate mitigation steps include updating the Linux kernel to a version where this fix is applied.

  • Update the Linux kernel to the latest version that includes the fix for the pvrusb2 URB leak.
  • If updating immediately is not possible, consider unloading or disabling the pvrusb2 driver to prevent triggering the vulnerability.
Executive Summary

This vulnerability exists in the Linux kernel's media subsystem, specifically in the pvrusb2 driver. The issue occurs in the function pvr2_send_request_ex, where if a write USB Request Block (URB) is successfully submitted but the subsequent read URB submission fails (for example, due to insufficient memory), the function returns immediately without waiting for the write URB to complete.

Because the driver reuses the same URB structure, a later call to pvr2_send_request_ex tries to submit the still-active write URB again, which triggers a warning 'URB submitted while active' in the usb_submit_urb() function.

The fix involves ensuring that if the read URB submission fails, the write URB is properly unlinked and waited upon before proceeding, preventing the reuse of an active URB.

Impact Analysis

This vulnerability can lead to instability or unexpected behavior in the USB media device driver (pvrusb2) within the Linux kernel. Specifically, it may cause warnings or errors related to submitting an already active URB, which could result in resource leaks or malfunctioning of the USB device communication.

While the description does not explicitly mention security impacts such as privilege escalation or data leakage, the improper handling of URBs could potentially lead to system instability or denial of service conditions affecting the affected device.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43223. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart