SB20260325152 - Out-of-bounds read in Linux kernel CAN USB driver
Published: March 25, 2026
Description
This security bulletin contains information about one security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-23307)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in the ems_usb_read_bulk_callback() function in the CAN USB driver when handling USB bulk callback data. A local user can provide specially crafted USB input to cause memory access beyond the buffer bounds, leading to a system crash.
The attacker must have local system access and the ability to interact with the CAN USB driver via USB interface.
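As an added illustration, not the ems_usb driver's code and not the fix carried by the commits referenced below, the following userspace C model shows the class of check a bulk-completion callback needs when it walks length-prefixed records out of a transfer buffer: every record's length field is validated against the number of bytes the device actually transferred before the record is touched. The record layout (a 1-byte type, a 1-byte length, then payload) is an assumption made for illustration only.

```c
/* Constructed model of walking length-prefixed records out of a USB bulk
 * buffer. NOT the ems_usb driver's code; the record layout is assumed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 2   /* assumed header: 1-byte type + 1-byte payload length */

/* Walk records in buf[0 .. actual_len). Returns the number of well-formed
 * records, or -1 as soon as a record would extend past actual_len.
 * actual_len plays the role of the transferred length the completion
 * callback receives (urb->actual_length); the length fields inside the
 * buffer come from the device and must never be trusted on their own. */
int walk_bulk_records(const uint8_t *buf, size_t actual_len, size_t *consumed)
{
    size_t pos = 0;
    int count = 0;

    while (pos < actual_len) {
        /* The header itself must fit in what was actually transferred. */
        if (actual_len - pos < HDR_LEN)
            return -1;
        uint8_t len = buf[pos + 1];
        /* The bounds check: a device-supplied length larger than the
         * remaining transferred bytes would make the consumer read past
         * the buffer. Reject the whole transfer instead. */
        if (len > actual_len - pos - HDR_LEN)
            return -1;
        /* buf[pos + HDR_LEN .. pos + HDR_LEN + len) is now safe to read. */
        pos += HDR_LEN + len;
        count++;
    }
    if (consumed)
        *consumed = pos;
    return count;
}

int main(void)
{
    /* Constructed sample buffers: two valid records, then a truncated one. */
    uint8_t ok[]  = {0x01, 0x02, 0xAA, 0xBB, 0x02, 0x00};
    uint8_t bad[] = {0x01, 0x05, 0xAA};
    size_t used = 0;
    printf("ok:  %d records, %zu bytes\n", walk_bulk_records(ok, sizeof ok, &used), used);
    printf("bad: %d (rejected)\n", walk_bulk_records(bad, sizeof bad, &used));
    return 0;
}
```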
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/1818974e1b5ef200e27f144c8cb8a246420bb54d
- https://git.kernel.org/stable/c/18f75b9cbdc3703f15965425ab69dee509b07785
- https://git.kernel.org/stable/c/1cf469026d4a2308eaa91d04dca4a900d07a5c2e
- https://git.kernel.org/stable/c/2833e13e2b099546abf5d40a483b4eb04ddd1f7b
- https://git.kernel.org/stable/c/38a01c9700b0dcafe97dfa9dc7531bf4a245deff
- https://git.kernel.org/stable/c/c703bbf8e9b4947e111c88d2ed09236a6772a471