DEBIAN-CVE-2026-23031
In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_open(), the URBs for USB-in transfers are allocated, added to the parent->rx_submitted anchor and submitted. In the complete callback gs_usb_receive_bulk_callback(), the URB is processed and resubmitted. In gs_can_close() the URBs are freed by calling usb_kill_anchored_urbs(parent->rx_submitted). However, this does not take into account that the USB framework unanchors the URB before the complete function is called. This means that once an in-URB has been completed, it is no longer anchored and is ultimately not released in gs_can_close(). Fix the memory leak by anchoring the URB in the gs_usb_receive_bulk_callback() to the parent->rx_submitted anchor.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux-6.1 | 6.1.112-1, *, 6.1.159-1 |
| Debian:13 | linux | 6.12.41-1, 0, 6.12.69-1 |
| Debian:11 | linux | 6.19-1, 6.11.2-1, 6.11.4-1 |
| Debian:14 | linux | 6.15.6-1, 6.17.12-1, 6.17.13-1 |
| Debian:12 | linux | 6.1.133-1, 6.1.135-1, 6.1.137-1 |
Exploit Intelligence
- 4081.3.7.yml (github-poc)
Timeline
- Jan 31, 2026 CVE Published
- Apr 28, 2026 CVE Updated