CVE-2026-23080
- Source
- https://cve.org/CVERecord?id=CVE-2026-23080
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23080.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-23080
- Downstream
- Related
- Published
- 2026-02-04T16:08:04.982Z
- Modified
- 2026-03-29T17:44:09.556655073Z
- Summary
- can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
can: mcbausb: mcbausbreadbulk_callback(): fix URB memory leak
Fix similar memory leak as in commit 7352e1d5932a ("can: gsusb: gsusbreceivebulk_callback(): fix URB memory leak").
In mcbausbprobe() -> mcbausbstart(), the URBs for USB-in transfers are allocated, added to the priv->rxsubmitted anchor and submitted. In the complete callback mcbausbreadbulkcallback(), the URBs are processed and resubmitted. In mcbausbclose() -> mcbaurbunlink() the URBs are freed by calling usbkillanchoredurbs(&priv->rx_submitted).
However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in usbkillanchored_urbs().
Fix the memory leak by anchoring the URB in the mcbausbreadbulkcallback()to the priv->rx_submitted anchor.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23080.json" }- References
-
- https://git.kernel.org/stable/c/179f6f0cf5ae489743273b7c1644324c0c477ea9
- https://git.kernel.org/stable/c/59153b6388e05609144ad56a9b354e9100a91983
- https://git.kernel.org/stable/c/710a7529fb13c5a470258ff5508ed3c498d54729
- https://git.kernel.org/stable/c/8b34c611a4feb81921bc4728c091e4e3ba0270c0
- https://git.kernel.org/stable/c/94c9f6f7b953f6382fef4bdc48c046b861b8868f
- https://git.kernel.org/stable/c/b5a1ccdc63b71d93a69a6b72f7a3f3934293ea60
- https://git.kernel.org/stable/c/d374d715e338dfc3804aaa006fa6e470ffebb264
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23080.json
- https://nvd.nist.gov/vuln/detail/CVE-2026-23080
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced51f3baad7de943780ce0c17bd7975df567dd6e14Fixed8b34c611a4feb81921bc4728c091e4e3ba0270c0Fixedb5a1ccdc63b71d93a69a6b72f7a3f3934293ea60Fixed59153b6388e05609144ad56a9b354e9100a91983Fixed179f6f0cf5ae489743273b7c1644324c0c477ea9Fixed94c9f6f7b953f6382fef4bdc48c046b861b8868fFixedd374d715e338dfc3804aaa006fa6e470ffebb264Fixed710a7529fb13c5a470258ff5508ed3c498d54729