CVE-2026-43223
URB Leak in pvrusb2 Driver
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's media subsystem, specifically in the pvrusb2 driver. The issue occurs in the function pvr2_send_request_ex, where if a write USB Request Block (URB) is successfully submitted but the subsequent read URB submission fails (for example, due to insufficient memory), the function returns immediately without waiting for the write URB to complete.
Because the driver reuses the same URB structure, a later call to pvr2_send_request_ex tries to submit the still-active write URB again, which triggers a warning 'URB submitted while active' in the usb_submit_urb() function.
The fix involves ensuring that if the read URB submission fails, the write URB is properly unlinked and waited upon before proceeding, preventing the reuse of an active URB.
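The failure path and the fix described above, as a simplified userspace model (an added example, not the pvrusb2 driver's code or the upstream patch). All `model_*` names and the `fixed` switch are hypothetical; only the return-without-waiting behaviour and the unlink-and-wait fix come from the description.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model, not driver code. A URB is "active" from submission until
 * it completes or is unlinked. All model_* names are hypothetical. */
struct model_hdw {
    bool write_active, read_active;  /* the two reused control URBs */
    int warnings;                    /* "URB submitted while active" hits */
};

static int model_submit(struct model_hdw *hdw, bool *active, bool fail) {
    if (*active) {                   /* condition usb_submit_urb() warns on */
        hdw->warnings++;
        return -EBUSY;
    }
    if (fail)
        return -ENOMEM;              /* e.g. insufficient memory */
    *active = true;
    return 0;
}

/* One request: submit the write URB, then the read URB, then wait for both. */
static int model_send_request(struct model_hdw *hdw, bool fixed, bool read_fails) {
    int ret = model_submit(hdw, &hdw->write_active, false);
    if (ret)
        return ret;
    ret = model_submit(hdw, &hdw->read_active, read_fails);
    if (ret) {
        if (fixed)                   /* fix: unlink the write URB and wait */
            hdw->write_active = false;
        return ret;                  /* unfixed: write URB still in flight */
    }
    hdw->write_active = hdw->read_active = false;  /* both URBs completed */
    return 0;
}

/* Fail one request, then issue a second; returns how many warnings fired. */
int warnings_after_failed_read(bool fixed) {
    struct model_hdw hdw = { 0 };
    model_send_request(&hdw, fixed, true);   /* read URB submission fails */
    model_send_request(&hdw, fixed, false);  /* next request reuses the URBs */
    return hdw.warnings;
}

int main(void) {
    printf("unfixed: %d warning(s)\n", warnings_after_failed_read(false));
    printf("fixed:   %d warning(s)\n", warnings_after_failed_read(true));
    return 0;
}
```

In the unfixed path the second request is rejected before any I/O happens, which is why the symptom appears on a later call rather than at the point of the original failure.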
How can this vulnerability impact me?
This vulnerability can lead to instability or unexpected behavior in the USB media device driver (pvrusb2) within the Linux kernel. Specifically, it may cause warnings or errors related to submitting an already active URB, which could result in resource leaks or malfunctioning of the USB device communication.
While the description does not explicitly mention security impacts such as privilege escalation or data leakage, the improper handling of URBs could potentially lead to system instability or denial of service conditions affecting the affected device.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a URB (USB Request Block) leak in the Linux kernel's pvrusb2 driver, which can trigger a 'URB submitted while active' warning in usb_submit_urb(). Detection would involve monitoring kernel logs for this specific warning message.
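- Check kernel logs for the warning message 'URB submitted while active'. The kernel prints the URB's address between "URB" and "submitted", so match on a pattern rather than the exact string.
- Use the command: `dmesg | grep -E 'URB .*submitted while active'`
- Alternatively, monitor system logs with: `journalctl -k | grep -E 'URB .*submitted while active'`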
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed by ensuring the write URB is unlinked and waited upon if the read URB submission fails. Immediate mitigation steps include updating the Linux kernel to a version where this fix is applied.
- Update the Linux kernel to the latest version that includes the fix for the pvrusb2 URB leak.
- If updating immediately is not possible, consider unloading or disabling the pvrusb2 driver to prevent triggering the vulnerability.