SB20260325110 - Resource exhaustion in Linux kernel can usb driver
Published: March 25, 2026
Security Bulletin ID
SB20260325110
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2026-23347)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper resource management in the CAN USB driver (f81604) when handling URB (USB Request Block) anchoring in the read bulk callback. A local user can trigger improper submission of an unanchored URB to cause a denial of service.
Exploitation requires local system access and interaction with the affected USB CAN device driver.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/54ee74307165b348b2fddcd7942eb48fb4ee1237
- https://git.kernel.org/stable/c/7724645c4792914cd07f36718816c5369cc57970
- https://git.kernel.org/stable/c/952caa5da10bed22be09612433964f6877ba0dde
- https://git.kernel.org/stable/c/c001214e12202338425d6dda5d2a1919d674282d
- https://git.kernel.org/stable/c/f6d80b104f904a6da922907394eec66d3e2ffc57