SB2026051454 - Improper resource shutdown or release in Linux kernel net usb driver
Published: May 14, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper resource shutdown or release (CVE-ID: CVE-2026-43479)
CWE-ID: CWE-404 - Improper Resource Shutdown or Release
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows an attacker with physical access to cause a denial of service.
The vulnerability exists due to improper resource shutdown in the lan78xx USB network driver disconnect path when handling USB device disconnect. An attacker with physical access can disconnect a crafted USB network device to cause a denial of service.
Remediation
Install update from vendor's website.