CVE-2026-23058 — Missing Release of Memory after Effective Lifetime in Linux
Severity
5.5MEDIUM
No vectorEPSS
0.0%
top 89.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 4
Latest updateApr 17
Description
In the Linux kernel, the following vulnerability has been resolved:
can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak
Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb:
gs_usb_receive_bulk_callback(): fix URB memory leak").
In ems_usb_open(), the URBs for USB-in transfers are allocated, added to
the dev->rx_submitted anchor and submitted. In the complete callback
ems_usb_read_bulk_callback(), the URBs are processed and resubmitted. In
ems_usb_close() the URBs are f…
Affected Packages12 packages
▶CVEListV5linux/linux702171adeed3607ee9603ec30ce081411e36ae42 — e2c71030dc464d437110bcfb367c493fd402bddb+7
🔴Vulnerability Details
3OSV▶
CVE-2026-23058: In the Linux kernel, the following vulnerability has been resolved: can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak Fix similar memory↗2026-02-04
GHSA▶
GHSA-7g6w-2p3x-pf3p: In the Linux kernel, the following vulnerability has been resolved:
can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak
Fix similar memo↗2026-02-04