CVE-2026-23324Missing Release of Resource after Effective Lifetime in Linux

CWE-772Missing Release of Resource after Effective Lifetime9 documents8 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 90.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: can: usb: etas_es58x: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it could be leaked if usb_kill_anchored_urbs() is called. This logic is correctly done elsewhere in the driver, except in the read bulk callback so do that here also.

Affected Packages3 packages

Linuxlinux/linux_kernel5.13.06.1.167+4
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux8537257874e949a59c834cecfd5a063e11b64b0b2185ea6e4ebcb61d1224dc7d187c59723cb5ad59+6

🔴Vulnerability Details

4
CVEList
can: usb: etas_es58x: correctly anchor the urb in the read bulk callback2026-03-25
OSV
can: usb: etas_es58x: correctly anchor the urb in the read bulk callback2026-03-25
OSV
CVE-2026-23324: In the Linux kernel, the following vulnerability has been resolved: can: usb: etas_es58x: correctly anchor the urb in the read bulk callback When subm2026-03-25
GHSA
GHSA-6pcx-mjxw-6w72: In the Linux kernel, the following vulnerability has been resolved: can: usb: etas_es58x: correctly anchor the urb in the read bulk callback When su2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: can: usb: etas_es58x: correctly anchor the urb in the read bulk callback2026-03-25
Microsoft
can: usb: etas_es58x: correctly anchor the urb in the read bulk callback2026-03-10
Debian
CVE-2026-23324: linux - In the Linux kernel, the following vulnerability has been resolved: can: usb: e...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23324 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23324 — Linux vulnerability | cvebase