CVE-2026-22997 — Improper Update of Reference Count in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 99.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 25
Latest updateApr 17
Description
In the Linux kernel, the following vulnerability has been resolved:
net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts
Since j1939_session_deactivate_activate_next() in j1939_tp_rxtimer() is
called only when the timer is enabled, we need to call
j1939_session_deactivate_activate_next() if we cancelled the timer.
Otherwise, refcount for j1939_session leaks, which will later appear as
| unregister_netdevice: waiting for vcan0 to become free. Usa…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages12 packages
▶CVEListV5linux/linux9d71dd0c70099914fcd063135da3c580865e924c — a73e7d7e346dae1c22dc3e95b02ca464b12daf2c+7
Patches
🔴Vulnerability Details
2OSV▶
CVE-2026-22997: In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiv↗2026-01-25
GHSA▶
GHSA-86mf-f3rq-8369: In the Linux kernel, the following vulnerability has been resolved:
net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon recei↗2026-01-25