CVE-2026-23347Missing Reference to Active Allocated Resource in Linux

CWE-771Missing Reference to Active Allocated Resource9 documents8 sources
Severity
7.8HIGH
No vector
EPSS
0.0%
top 93.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it needs to be anchored before submitting it otherwise it could be leaked if usb_kill_anchored_urbs() is called. This logic is correctly done elsewhere in the driver, except in the read bulk callback so do that here also.

Affected Packages3 packages

Linuxlinux/linux_kernel6.5.06.6.130+3
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linux88da17436973e463bed59bea79771fb03a21555e54ee74307165b348b2fddcd7942eb48fb4ee1237+5

🔴Vulnerability Details

4
CVEList
can: usb: f81604: correctly anchor the urb in the read bulk callback2026-03-25
OSV
can: usb: f81604: correctly anchor the urb in the read bulk callback2026-03-25
GHSA
GHSA-75xj-x496-vm4v: In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: correctly anchor the urb in the read bulk callback When submit2026-03-25
OSV
CVE-2026-23347: In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: correctly anchor the urb in the read bulk callback When submitti2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: can: usb: f81604: correctly anchor the urb in the read bulk callback2026-03-25
Microsoft
can: usb: f81604: correctly anchor the urb in the read bulk callback2026-03-10
Debian
CVE-2026-23347: linux - In the Linux kernel, the following vulnerability has been resolved: can: usb: f...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23347 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23347 — Linux vulnerability | cvebase