SB2026020248 - Memory leak in Linux kernel net usb driver
Published: February 2, 2026
Security Bulletin ID
SB2026020248
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2026-23021)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the update_eth_regs_async() function in drivers/net/usb/pegasus.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/471dfb97599eec74e0476046b3ef8e7037f27b34
- https://git.kernel.org/stable/c/5397ea6d21c35a17707e201a60761bdee00bcc4e
- https://git.kernel.org/stable/c/93f18eaa190374e0f2d253e3b1a65cee19a7abe6
- https://git.kernel.org/stable/c/a40af9a2904a1ab8ce61866ebe2a894ef30754ba
- https://git.kernel.org/stable/c/ac5d92d2826dec51e5d4c6854865bc5817277452
- https://git.kernel.org/stable/c/afa27621a28af317523e0836dad430bec551eb54
- https://git.kernel.org/stable/c/ce6eef731aba23a988decea1df3b08cf978f7b01