CVE-2026-43223
Analyzed Analyzed - Analysis Complete
URB Leak in pvrusb2 Driver

Publication date: 2026-05-06

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix URB leak in pvr2_send_request_ex When pvr2_send_request_ex() submits a write URB successfully but fails to submit the read URB (e.g. returns -ENOMEM), it returns immediately without waiting for the write URB to complete. Since the driver reuses the same URB structure, a subsequent call to pvr2_send_request_ex() attempts to submit the still-active write URB, triggering a 'URB submitted while active' warning in usb_submit_urb(). Fix this by ensuring the write URB is unlinked and waited upon if the read URB submission fails.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-08
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43223
EUVD
EUVD-2026-27786
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.2 (inc) to 6.6.128 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.16 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.202 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.165 (exc)
linux linux_kernel From 2.6.18 (inc) to 5.10.252 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's media subsystem, specifically in the pvrusb2 driver. The issue occurs in the function pvr2_send_request_ex, where if a write USB Request Block (URB) is successfully submitted but the subsequent read URB submission fails (for example, due to insufficient memory), the function returns immediately without waiting for the write URB to complete.

Because the driver reuses the same URB structure, a later call to pvr2_send_request_ex tries to submit the still-active write URB again, which triggers a warning 'URB submitted while active' in the usb_submit_urb() function.

The fix involves ensuring that if the read URB submission fails, the write URB is properly unlinked and waited upon before proceeding, preventing the reuse of an active URB.

Impact Analysis

This vulnerability can lead to instability or unexpected behavior in the USB media device driver (pvrusb2) within the Linux kernel. Specifically, it may cause warnings or errors related to submitting an already active URB, which could result in resource leaks or malfunctioning of the USB device communication.

While the description does not explicitly mention security impacts such as privilege escalation or data leakage, the improper handling of URBs could potentially lead to system instability or denial of service conditions affecting the affected device.

Detection Guidance

This vulnerability involves a URB (USB Request Block) leak in the Linux kernel's pvrusb2 driver, which can trigger a 'URB submitted while active' warning in usb_submit_urb(). Detection would involve monitoring kernel logs for this specific warning message.

  • Check kernel logs for the warning message: 'URB submitted while active'.
  • Use the command: dmesg | grep 'URB submitted while active'
  • Alternatively, monitor system logs with: journalctl -k | grep 'URB submitted while active'
Mitigation Strategies

The vulnerability is fixed by ensuring the write URB is unlinked and waited upon if the read URB submission fails. Immediate mitigation steps include updating the Linux kernel to a version where this fix is applied.

  • Update the Linux kernel to the latest version that includes the fix for the pvrusb2 URB leak.
  • If updating immediately is not possible, consider unloading or disabling the pvrusb2 driver to prevent triggering the vulnerability.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43223. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart