CVE-2026-23031Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 96.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedJan 31

Description

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_open(), the URBs for USB-in transfers are allocated, added to the parent->rx_submitted anchor and submitted. In the complete callback gs_usb_receive_bulk_callback(), the URB is processed and resubmitted. In gs_can_close() the URBs are freed by calling usb_kill_anchored_urbs(parent->rx_submitted). However, this does not take into account that the USB fr

Affected Packages5 packages

Linuxlinux/linux_kernel3.16.06.1.162+3
Debianlinux/linux_kernel< 6.1.162-1+2
CVEListV5linux/linuxd08e973a77d128b25e01a08c34d89593fdf222daec5ccc2af9e5b045671f3f604b57512feda8bcc5+5
debiandebian/linux< linux 6.1.162-1 (bookworm)
debiandebian/linux-6.1< linux 6.1.162-1 (bookworm)

🔴Vulnerability Details

3
OSV
can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak2026-01-31
GHSA
GHSA-gvm4-5v6x-vmv9: In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_open(2026-01-31
OSV
CVE-2026-23031: In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_open(),2026-01-31

📋Vendor Advisories

2
Red Hat
kernel: Linux kernel: Memory leak in gs_usb module can lead to denial of service via improper USB Request Block handling.2026-01-31
Debian
CVE-2026-23031: linux - In the Linux kernel, the following vulnerability has been resolved: can: gs_usb...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23031 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23031 — Linux vulnerability | cvebase