SB2026051454 - Improper resource shutdown or release in Linux kernel net usb driver



SB2026051454 - Improper resource shutdown or release in Linux kernel net usb driver

Published: May 14, 2026

Security Bulletin ID SB2026051454
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Physical access
Highest impact Partial DoS

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper resource shutdown or release (CVE-ID: CVE-2026-43479)

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows an attacker with physical access to cause a denial of service.

The vulnerability exists due to improper resource shutdown in the lan78xx USB network driver disconnect path when handling USB device disconnect. An attacker with physical access can disconnect a crafted USB network device to cause a denial of service.


Remediation

Install update from vendor's website.