Out-of-bounds read in Linux kernel - CVE-2026-23307
Published: March 25, 2026
Vulnerability identifier: #VU124556
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23307
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in the ems_usb_read_bulk_callback() function in the CAN USB driver when handling USB bulk callback data. A local user can provide specially crafted USB input to cause memory access beyond the buffer bounds, leading to a system crash.
The attacker must have local system access and the ability to interact with the CAN USB driver via USB interface.
How to mitigate CVE-2026-23307
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/1818974e1b5ef200e27f144c8cb8a246420bb54d
- https://git.kernel.org/stable/c/18f75b9cbdc3703f15965425ab69dee509b07785
- https://git.kernel.org/stable/c/1cf469026d4a2308eaa91d04dca4a900d07a5c2e
- https://git.kernel.org/stable/c/2833e13e2b099546abf5d40a483b4eb04ddd1f7b
- https://git.kernel.org/stable/c/38a01c9700b0dcafe97dfa9dc7531bf4a245deff
- https://git.kernel.org/stable/c/c703bbf8e9b4947e111c88d2ed09236a6772a471